X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/c59093180fd92f0d7c6607a49458446212ebd058..9acc8cb9cd9ca4429712b0d31b647e9a6ecf2d96:/sdk/go/arvadosclient/arvadosclient.go diff --git a/sdk/go/arvadosclient/arvadosclient.go b/sdk/go/arvadosclient/arvadosclient.go index ae40a89a2b..24070c5b06 100644 --- a/sdk/go/arvadosclient/arvadosclient.go +++ b/sdk/go/arvadosclient/arvadosclient.go @@ -1,3 +1,7 @@ +// Copyright (C) The Arvados Authors. All rights reserved. +// +// SPDX-License-Identifier: Apache-2.0 + /* Simple Arvados Go SDK for communicating with API server. */ package arvadosclient @@ -5,22 +9,47 @@ package arvadosclient import ( "bytes" "crypto/tls" + "crypto/x509" "encoding/json" "errors" "fmt" "io" + "io/ioutil" + "log" "net/http" "net/url" "os" - "regexp" "strings" + "sync" + "time" + + "git.arvados.org/arvados.git/sdk/go/arvados" ) -// Errors +type StringMatcher func(string) bool + +var UUIDMatch StringMatcher = arvados.UUIDMatch +var PDHMatch StringMatcher = arvados.PDHMatch + var MissingArvadosApiHost = errors.New("Missing required environment variable ARVADOS_API_HOST") var MissingArvadosApiToken = errors.New("Missing required environment variable ARVADOS_API_TOKEN") +var ErrInvalidArgument = errors.New("Invalid argument") + +// A common failure mode is to reuse a keepalive connection that has been +// terminated (in a way that we can't detect) for being idle too long. +// POST and DELETE are not safe to retry automatically, so we minimize +// such failures by always using a new or recently active socket. +var MaxIdleConnectionDuration = 30 * time.Second -// Indicates an error that was returned by the API server. +var RetryDelay = 2 * time.Second + +var ( + defaultInsecureHTTPClient *http.Client + defaultSecureHTTPClient *http.Client + defaultHTTPClientMtx sync.Mutex +) + +// APIServerError contains an error that was returned by the API server. type APIServerError struct { // Address of server returning error, of the form "host:port". ServerAddress string @@ -40,19 +69,28 @@ func (e APIServerError) Error() string { e.HttpStatusCode, e.HttpStatusMessage, e.ServerAddress) - } else { - return fmt.Sprintf("arvados API server error: %d: %s returned by %s", - e.HttpStatusCode, - e.HttpStatusMessage, - e.ServerAddress) } + return fmt.Sprintf("arvados API server error: %d: %s returned by %s", + e.HttpStatusCode, + e.HttpStatusMessage, + e.ServerAddress) } -// Helper type so we don't have to write out 'map[string]interface{}' every time. +// StringBool tests whether s is suggestive of true. It returns true +// if s is a mixed/uppoer/lower-case variant of "1", "yes", or "true". +func StringBool(s string) bool { + s = strings.ToLower(s) + return s == "1" || s == "yes" || s == "true" +} + +// Dict is a helper type so we don't have to write out 'map[string]interface{}' every time. type Dict map[string]interface{} -// Information about how to contact the Arvados server +// ArvadosClient contains information about how to contact the Arvados server type ArvadosClient struct { + // https + Scheme string + // Arvados API server, form "host:port" ApiServer string @@ -68,56 +106,118 @@ type ArvadosClient struct { // If true, sets the X-External-Client header to indicate // the client is outside the cluster. External bool + + // Base URIs of Keep services, e.g., {"https://host1:8443", + // "https://host2:8443"}. If this is nil, Keep clients will + // use the arvados.v1.keep_services.accessible API to discover + // available services. + KeepServiceURIs []string + + // Discovery document + DiscoveryDoc Dict + + lastClosedIdlesAt time.Time + + // Number of retries + Retries int + + // X-Request-Id for outgoing requests + RequestID string } -// Create a new ArvadosClient, initialized with standard Arvados environment -// variables ARVADOS_API_HOST, ARVADOS_API_TOKEN, and (optionally) -// ARVADOS_API_HOST_INSECURE. -func MakeArvadosClient() (ac ArvadosClient, err error) { - var matchTrue = regexp.MustCompile("^(?i:1|yes|true)$") - insecure := matchTrue.MatchString(os.Getenv("ARVADOS_API_HOST_INSECURE")) - external := matchTrue.MatchString(os.Getenv("ARVADOS_EXTERNAL_CLIENT")) - - ac = ArvadosClient{ - ApiServer: os.Getenv("ARVADOS_API_HOST"), - ApiToken: os.Getenv("ARVADOS_API_TOKEN"), - ApiInsecure: insecure, - Client: &http.Client{Transport: &http.Transport{ - TLSClientConfig: &tls.Config{InsecureSkipVerify: insecure}}}, - External: external} - - if ac.ApiServer == "" { - return ac, MissingArvadosApiHost +var CertFiles = []string{ + "/etc/arvados/ca-certificates.crt", + "/etc/ssl/certs/ca-certificates.crt", // Debian/Ubuntu/Gentoo etc. + "/etc/pki/tls/certs/ca-bundle.crt", // Fedora/RHEL +} + +// MakeTLSConfig sets up TLS configuration for communicating with +// Arvados and Keep services. +func MakeTLSConfig(insecure bool) *tls.Config { + tlsconfig := tls.Config{InsecureSkipVerify: insecure} + + if !insecure { + // Use the first entry in CertFiles that we can read + // certificates from. If none of those work out, use + // the Go defaults. + certs := x509.NewCertPool() + for _, file := range CertFiles { + data, err := ioutil.ReadFile(file) + if err != nil { + if !os.IsNotExist(err) { + log.Printf("proceeding without loading cert file %q: %s", file, err) + } + continue + } + if !certs.AppendCertsFromPEM(data) { + log.Printf("unable to load any certificates from %v", file) + continue + } + tlsconfig.RootCAs = certs + break + } } - if ac.ApiToken == "" { - return ac, MissingArvadosApiToken + + return &tlsconfig +} + +// New returns an ArvadosClient using the given arvados.Client +// configuration. This is useful for callers who load arvados.Client +// fields from configuration files but still need to use the +// arvadosclient.ArvadosClient package. +func New(c *arvados.Client) (*ArvadosClient, error) { + ac := &ArvadosClient{ + Scheme: "https", + ApiServer: c.APIHost, + ApiToken: c.AuthToken, + ApiInsecure: c.Insecure, + Client: &http.Client{ + Timeout: 5 * time.Minute, + Transport: &http.Transport{ + TLSClientConfig: MakeTLSConfig(c.Insecure)}, + }, + External: false, + Retries: 2, + KeepServiceURIs: c.KeepServiceURIs, + lastClosedIdlesAt: time.Now(), } - return ac, err + return ac, nil } -// Low-level access to a resource. -// -// method - HTTP method, one of GET, HEAD, PUT, POST or DELETE -// resource - the arvados resource to act on -// uuid - the uuid of the specific item to access (may be empty) -// action - sub-action to take on the resource or uuid (may be empty) -// parameters - method parameters -// -// return -// reader - the body reader, or nil if there was an error -// err - error accessing the resource, or nil if no error -func (this ArvadosClient) CallRaw(method string, resource string, uuid string, action string, parameters Dict) (reader io.ReadCloser, err error) { - var req *http.Request +// MakeArvadosClient creates a new ArvadosClient using the standard +// environment variables ARVADOS_API_HOST, ARVADOS_API_TOKEN, +// ARVADOS_API_HOST_INSECURE, ARVADOS_EXTERNAL_CLIENT, and +// ARVADOS_KEEP_SERVICES. +func MakeArvadosClient() (ac *ArvadosClient, err error) { + ac, err = New(arvados.NewClientFromEnv()) + if err != nil { + return + } + ac.External = StringBool(os.Getenv("ARVADOS_EXTERNAL_CLIENT")) + return +} +// CallRaw is the same as Call() but returns a Reader that reads the +// response body, instead of taking an output object. +func (c *ArvadosClient) CallRaw(method string, resourceType string, uuid string, action string, parameters Dict) (reader io.ReadCloser, err error) { + scheme := c.Scheme + if scheme == "" { + scheme = "https" + } + if c.ApiServer == "" { + return nil, fmt.Errorf("Arvados client is not configured (target API host is not set). Maybe env var ARVADOS_API_HOST should be set first?") + } u := url.URL{ - Scheme: "https", - Host: this.ApiServer} + Scheme: scheme, + Host: c.ApiServer} - u.Path = "/arvados/v1" + if resourceType != ApiDiscoveryResource { + u.Path = "/arvados/v1" + } - if resource != "" { - u.Path = u.Path + "/" + resource + if resourceType != "" { + u.Path = u.Path + "/" + resourceType } if uuid != "" { u.Path = u.Path + "/" + uuid @@ -130,46 +230,85 @@ func (this ArvadosClient) CallRaw(method string, resource string, uuid string, a parameters = make(Dict) } - parameters["format"] = "json" - vals := make(url.Values) for k, v := range parameters { - m, err := json.Marshal(v) - if err == nil { + if s, ok := v.(string); ok { + vals.Set(k, s) + } else if m, err := json.Marshal(v); err == nil { vals.Set(k, string(m)) } } - if method == "GET" || method == "HEAD" { - u.RawQuery = vals.Encode() - if req, err = http.NewRequest(method, u.String(), nil); err != nil { - return nil, err - } - } else { - if req, err = http.NewRequest(method, u.String(), bytes.NewBufferString(vals.Encode())); err != nil { - return nil, err - } - req.Header.Add("Content-Type", "application/x-www-form-urlencoded") + retryable := false + switch method { + case "GET", "HEAD", "PUT", "OPTIONS", "DELETE": + retryable = true } - // Add api token header - req.Header.Add("Authorization", fmt.Sprintf("OAuth2 %s", this.ApiToken)) - if this.External { - req.Header.Add("X-External-Client", "1") + // Non-retryable methods such as POST are not safe to retry automatically, + // so we minimize such failures by always using a new or recently active socket + if !retryable { + if time.Since(c.lastClosedIdlesAt) > MaxIdleConnectionDuration { + c.lastClosedIdlesAt = time.Now() + c.Client.Transport.(*http.Transport).CloseIdleConnections() + } } // Make the request + var req *http.Request var resp *http.Response - if resp, err = this.Client.Do(req); err != nil { - return nil, err - } - if resp.StatusCode == http.StatusOK { - return resp.Body, nil + for attempt := 0; attempt <= c.Retries; attempt++ { + if method == "GET" || method == "HEAD" { + u.RawQuery = vals.Encode() + if req, err = http.NewRequest(method, u.String(), nil); err != nil { + return nil, err + } + } else { + if req, err = http.NewRequest(method, u.String(), bytes.NewBufferString(vals.Encode())); err != nil { + return nil, err + } + req.Header.Add("Content-Type", "application/x-www-form-urlencoded") + } + + // Add api token header + req.Header.Add("Authorization", fmt.Sprintf("OAuth2 %s", c.ApiToken)) + if c.RequestID != "" { + req.Header.Add("X-Request-Id", c.RequestID) + } + if c.External { + req.Header.Add("X-External-Client", "1") + } + + resp, err = c.Client.Do(req) + if err != nil { + if retryable { + time.Sleep(RetryDelay) + continue + } else { + return nil, err + } + } + + if resp.StatusCode == http.StatusOK { + return resp.Body, nil + } + + defer resp.Body.Close() + + switch resp.StatusCode { + case 408, 409, 422, 423, 500, 502, 503, 504: + time.Sleep(RetryDelay) + continue + default: + return nil, newAPIServerError(c.ApiServer, resp) + } } - defer resp.Body.Close() - return nil, newAPIServerError(this.ApiServer, resp) + if resp != nil { + return nil, newAPIServerError(c.ApiServer, resp) + } + return nil, err } func newAPIServerError(ServerAddress string, resp *http.Response) APIServerError { @@ -201,19 +340,20 @@ func newAPIServerError(ServerAddress string, resp *http.Response) APIServerError return ase } -// Access to a resource. +// Call an API endpoint and parse the JSON response into an object. // -// method - HTTP method, one of GET, HEAD, PUT, POST or DELETE -// resource - the arvados resource to act on -// uuid - the uuid of the specific item to access (may be empty) -// action - sub-action to take on the resource or uuid (may be empty) -// parameters - method parameters -// output - a map or annotated struct which is a legal target for encoding/json/Decoder -// return -// err - error accessing the resource, or nil if no error -func (this ArvadosClient) Call(method string, resource string, uuid string, action string, parameters Dict, output interface{}) (err error) { - var reader io.ReadCloser - reader, err = this.CallRaw(method, resource, uuid, action, parameters) +// method - HTTP method: GET, HEAD, PUT, POST, PATCH or DELETE. +// resourceType - the type of arvados resource to act on (e.g., "collections", "pipeline_instances"). +// uuid - the uuid of the specific item to access. May be empty. +// action - API method name (e.g., "lock"). This is often empty if implied by method and uuid. +// parameters - method parameters. +// output - a map or annotated struct which is a legal target for encoding/json/Decoder. +// +// Returns a non-nil error if an error occurs making the API call, the +// API responds with a non-successful HTTP status, or an error occurs +// parsing the response body. +func (c *ArvadosClient) Call(method, resourceType, uuid, action string, parameters Dict, output interface{}) error { + reader, err := c.CallRaw(method, resourceType, uuid, action, parameters) if reader != nil { defer reader.Close() } @@ -230,48 +370,92 @@ func (this ArvadosClient) Call(method string, resource string, uuid string, acti return nil } -// Create a new instance of a resource. -// -// resource - the arvados resource on which to create an item -// parameters - method parameters -// output - a map or annotated struct which is a legal target for encoding/json/Decoder -// return -// err - error accessing the resource, or nil if no error -func (this ArvadosClient) Create(resource string, parameters Dict, output interface{}) (err error) { - return this.Call("POST", resource, "", "", parameters, output) +// Create a new resource. See Call for argument descriptions. +func (c *ArvadosClient) Create(resourceType string, parameters Dict, output interface{}) error { + return c.Call("POST", resourceType, "", "", parameters, output) } -// Delete an instance of a resource. -// -// resource - the arvados resource on which to delete an item -// uuid - the item to delete -// parameters - method parameters -// output - a map or annotated struct which is a legal target for encoding/json/Decoder -// return -// err - error accessing the resource, or nil if no error -func (this ArvadosClient) Delete(resource string, uuid string, parameters Dict, output interface{}) (err error) { - return this.Call("DELETE", resource, uuid, "", parameters, output) +// Delete a resource. See Call for argument descriptions. +func (c *ArvadosClient) Delete(resource string, uuid string, parameters Dict, output interface{}) (err error) { + return c.Call("DELETE", resource, uuid, "", parameters, output) } -// Update fields of an instance of a resource. -// -// resource - the arvados resource on which to update the item -// uuid - the item to update -// parameters - method parameters -// output - a map or annotated struct which is a legal target for encoding/json/Decoder -// return -// err - error accessing the resource, or nil if no error -func (this ArvadosClient) Update(resource string, uuid string, parameters Dict, output interface{}) (err error) { - return this.Call("PUT", resource, uuid, "", parameters, output) +// Update attributes of a resource. See Call for argument descriptions. +func (c *ArvadosClient) Update(resourceType string, uuid string, parameters Dict, output interface{}) (err error) { + return c.Call("PUT", resourceType, uuid, "", parameters, output) } -// List the instances of a resource -// -// resource - the arvados resource on which to list -// parameters - method parameters -// output - a map or annotated struct which is a legal target for encoding/json/Decoder -// return -// err - error accessing the resource, or nil if no error -func (this ArvadosClient) List(resource string, parameters Dict, output interface{}) (err error) { - return this.Call("GET", resource, "", "", parameters, output) +// Get a resource. See Call for argument descriptions. +func (c *ArvadosClient) Get(resourceType string, uuid string, parameters Dict, output interface{}) (err error) { + if !UUIDMatch(uuid) && !(resourceType == "collections" && PDHMatch(uuid)) { + // No object has uuid == "": there is no need to make + // an API call. Furthermore, the HTTP request for such + // an API call would be "GET /arvados/v1/type/", which + // is liable to be misinterpreted as the List API. + return ErrInvalidArgument + } + return c.Call("GET", resourceType, uuid, "", parameters, output) +} + +// List resources of a given type. See Call for argument descriptions. +func (c *ArvadosClient) List(resource string, parameters Dict, output interface{}) (err error) { + return c.Call("GET", resource, "", "", parameters, output) +} + +const ApiDiscoveryResource = "discovery/v1/apis/arvados/v1/rest" + +// Discovery returns the value of the given parameter in the discovery +// document. Returns a non-nil error if the discovery document cannot +// be retrieved/decoded. Returns ErrInvalidArgument if the requested +// parameter is not found in the discovery document. +func (c *ArvadosClient) Discovery(parameter string) (value interface{}, err error) { + if len(c.DiscoveryDoc) == 0 { + c.DiscoveryDoc = make(Dict) + err = c.Call("GET", ApiDiscoveryResource, "", "", nil, &c.DiscoveryDoc) + if err != nil { + return nil, err + } + } + + var found bool + value, found = c.DiscoveryDoc[parameter] + if found { + return value, nil + } + return value, ErrInvalidArgument +} + +// ClusterConfig returns the value of the given key in the current cluster's +// exported config. If key is an empty string, it'll return the entire config. +func (c *ArvadosClient) ClusterConfig(key string) (config interface{}, err error) { + var clusterConfig interface{} + err = c.Call("GET", "config", "", "", nil, &clusterConfig) + if err != nil { + return nil, err + } + if key == "" { + return clusterConfig, nil + } + configData, ok := clusterConfig.(map[string]interface{})[key] + if !ok { + return nil, ErrInvalidArgument + } + return configData, nil +} + +func (c *ArvadosClient) httpClient() *http.Client { + if c.Client != nil { + return c.Client + } + cl := &defaultSecureHTTPClient + if c.ApiInsecure { + cl = &defaultInsecureHTTPClient + } + if *cl == nil { + defaultHTTPClientMtx.Lock() + defer defaultHTTPClientMtx.Unlock() + *cl = &http.Client{Transport: &http.Transport{ + TLSClientConfig: MakeTLSConfig(c.ApiInsecure)}} + } + return *cl }