X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/fb96637bf76fe8779e7a7e58f052b8f55ed76f4f..HEAD:/lib/controller/rpc/conn.go diff --git a/lib/controller/rpc/conn.go b/lib/controller/rpc/conn.go index 25f47bc3ba..3125ae29be 100644 --- a/lib/controller/rpc/conn.go +++ b/lib/controller/rpc/conn.go @@ -16,13 +16,16 @@ import ( "io/ioutil" "net" "net/http" + "net/http/httputil" "net/url" "strconv" "strings" + "sync" "time" "git.arvados.org/arvados.git/sdk/go/arvados" "git.arvados.org/arvados.git/sdk/go/auth" + "git.arvados.org/arvados.git/sdk/go/ctxlog" "git.arvados.org/arvados.git/sdk/go/httpserver" ) @@ -42,10 +45,13 @@ type Conn struct { SendHeader http.Header RedactHostInErrors bool - clusterID string - httpClient http.Client - baseURL url.URL - tokenProvider TokenProvider + clusterID string + httpClient http.Client + baseURL url.URL + tokenProvider TokenProvider + discoveryDocument *arvados.DiscoveryDocument + discoveryDocumentMtx sync.Mutex + discoveryDocumentExpires time.Time } func NewConn(clusterID string, url *url.URL, insecure bool, tp TokenProvider) *Conn { @@ -87,6 +93,8 @@ func (conn *Conn) requestAndDecode(ctx context.Context, dst interface{}, ep arva Scheme: conn.baseURL.Scheme, APIHost: conn.baseURL.Host, SendHeader: conn.SendHeader, + // Disable auto-retry + Timeout: 0, } tokens, err := conn.tokenProvider(ctx) if err != nil { @@ -142,10 +150,13 @@ func (conn *Conn) requestAndDecode(ctx context.Context, dst interface{}, ep arva } if len(tokens) > 1 { + if params == nil { + params = make(map[string]interface{}) + } params["reader_tokens"] = tokens[1:] } path := ep.Path - if strings.Contains(ep.Path, "/{uuid}") { + if strings.Contains(ep.Path, "/{uuid}") && params != nil { uuid, _ := params["uuid"].(string) path = strings.Replace(path, "/{uuid}", "/"+uuid, 1) delete(params, "uuid") @@ -185,6 +196,22 @@ func (conn *Conn) VocabularyGet(ctx context.Context) (arvados.Vocabulary, error) return resp, err } +func (conn *Conn) DiscoveryDocument(ctx context.Context) (arvados.DiscoveryDocument, error) { + conn.discoveryDocumentMtx.Lock() + defer conn.discoveryDocumentMtx.Unlock() + if conn.discoveryDocument != nil && time.Now().Before(conn.discoveryDocumentExpires) { + return *conn.discoveryDocument, nil + } + var dd arvados.DiscoveryDocument + err := conn.requestAndDecode(ctx, &dd, arvados.EndpointDiscoveryDocument, nil, nil) + if err != nil { + return dd, err + } + conn.discoveryDocument = &dd + conn.discoveryDocumentExpires = time.Now().Add(time.Hour) + return *conn.discoveryDocument, nil +} + func (conn *Conn) Login(ctx context.Context, options arvados.LoginOptions) (arvados.LoginResponse, error) { ep := arvados.EndpointLogin var resp arvados.LoginResponse @@ -216,6 +243,41 @@ func (conn *Conn) relativeToBaseURL(location string) string { return location } +func (conn *Conn) AuthorizedKeyCreate(ctx context.Context, options arvados.CreateOptions) (arvados.AuthorizedKey, error) { + ep := arvados.EndpointAuthorizedKeyCreate + var resp arvados.AuthorizedKey + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) AuthorizedKeyUpdate(ctx context.Context, options arvados.UpdateOptions) (arvados.AuthorizedKey, error) { + ep := arvados.EndpointAuthorizedKeyUpdate + var resp arvados.AuthorizedKey + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) AuthorizedKeyGet(ctx context.Context, options arvados.GetOptions) (arvados.AuthorizedKey, error) { + ep := arvados.EndpointAuthorizedKeyGet + var resp arvados.AuthorizedKey + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) AuthorizedKeyList(ctx context.Context, options arvados.ListOptions) (arvados.AuthorizedKeyList, error) { + ep := arvados.EndpointAuthorizedKeyList + var resp arvados.AuthorizedKeyList + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) AuthorizedKeyDelete(ctx context.Context, options arvados.DeleteOptions) (arvados.AuthorizedKey, error) { + ep := arvados.EndpointAuthorizedKeyDelete + var resp arvados.AuthorizedKey + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + func (conn *Conn) CollectionCreate(ctx context.Context, options arvados.CreateOptions) (arvados.Collection, error) { ep := arvados.EndpointCollectionCreate var resp arvados.Collection @@ -293,6 +355,13 @@ func (conn *Conn) ContainerUpdate(ctx context.Context, options arvados.UpdateOpt return resp, err } +func (conn *Conn) ContainerPriorityUpdate(ctx context.Context, options arvados.UpdateOptions) (arvados.Container, error) { + ep := arvados.EndpointContainerPriorityUpdate + var resp arvados.Container + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + func (conn *Conn) ContainerGet(ctx context.Context, options arvados.GetOptions) (arvados.Container, error) { ep := arvados.EndpointContainerGet var resp arvados.Container @@ -331,7 +400,36 @@ func (conn *Conn) ContainerUnlock(ctx context.Context, options arvados.GetOption // ContainerSSH returns a connection to the out-of-band SSH server for // a running container. If the returned error is nil, the caller is // responsible for closing sshconn.Conn. -func (conn *Conn) ContainerSSH(ctx context.Context, options arvados.ContainerSSHOptions) (sshconn arvados.ContainerSSHConnection, err error) { +func (conn *Conn) ContainerSSH(ctx context.Context, options arvados.ContainerSSHOptions) (sshconn arvados.ConnectionResponse, err error) { + u, err := conn.baseURL.Parse("/" + strings.Replace(arvados.EndpointContainerSSHCompat.Path, "{uuid}", options.UUID, -1)) + if err != nil { + err = fmt.Errorf("url.Parse: %w", err) + return + } + return conn.socket(ctx, u, "ssh", url.Values{ + "detach_keys": {options.DetachKeys}, + "login_username": {options.LoginUsername}, + "no_forward": {fmt.Sprintf("%v", options.NoForward)}, + }) +} + +// ContainerGatewayTunnel returns a connection to a yamux session on +// the controller. The caller should connect the returned resp.Conn to +// a client-side yamux session. +func (conn *Conn) ContainerGatewayTunnel(ctx context.Context, options arvados.ContainerGatewayTunnelOptions) (tunnelconn arvados.ConnectionResponse, err error) { + u, err := conn.baseURL.Parse("/" + strings.Replace(arvados.EndpointContainerGatewayTunnelCompat.Path, "{uuid}", options.UUID, -1)) + if err != nil { + err = fmt.Errorf("url.Parse: %w", err) + return + } + return conn.socket(ctx, u, "tunnel", url.Values{ + "auth_secret": {options.AuthSecret}, + }) +} + +// socket sets up a socket using the specified API endpoint and +// upgrade header. +func (conn *Conn) socket(ctx context.Context, u *url.URL, upgradeHeader string, postform url.Values) (connresp arvados.ConnectionResponse, err error) { addr := conn.baseURL.Host if strings.Index(addr, ":") < 1 || (strings.Contains(addr, "::") && addr[0] != '[') { // hostname or ::1 or 1::1 @@ -343,8 +441,7 @@ func (conn *Conn) ContainerSSH(ctx context.Context, options arvados.ContainerSSH } netconn, err := tls.Dial("tcp", addr, &tls.Config{InsecureSkipVerify: insecure}) if err != nil { - err = fmt.Errorf("tls.Dial: %w", err) - return + return connresp, fmt.Errorf("tls.Dial: %w", err) } defer func() { if err != nil { @@ -354,36 +451,30 @@ func (conn *Conn) ContainerSSH(ctx context.Context, options arvados.ContainerSSH bufr := bufio.NewReader(netconn) bufw := bufio.NewWriter(netconn) - u, err := conn.baseURL.Parse("/" + strings.Replace(arvados.EndpointContainerSSH.Path, "{uuid}", options.UUID, -1)) - if err != nil { - err = fmt.Errorf("tls.Dial: %w", err) - return - } - u.RawQuery = url.Values{ - "detach_keys": {options.DetachKeys}, - "login_username": {options.LoginUsername}, - }.Encode() tokens, err := conn.tokenProvider(ctx) if err != nil { - return + return connresp, err } else if len(tokens) < 1 { - err = httpserver.ErrorWithStatus(errors.New("unauthorized"), http.StatusUnauthorized) - return + return connresp, httpserver.ErrorWithStatus(errors.New("unauthorized"), http.StatusUnauthorized) } - bufw.WriteString("GET " + u.String() + " HTTP/1.1\r\n") + postdata := postform.Encode() + bufw.WriteString("POST " + u.String() + " HTTP/1.1\r\n") bufw.WriteString("Authorization: Bearer " + tokens[0] + "\r\n") bufw.WriteString("Host: " + u.Host + "\r\n") - bufw.WriteString("Upgrade: ssh\r\n") + bufw.WriteString("Upgrade: " + upgradeHeader + "\r\n") + bufw.WriteString("Content-Type: application/x-www-form-urlencoded\r\n") + fmt.Fprintf(bufw, "Content-Length: %d\r\n", len(postdata)) bufw.WriteString("\r\n") + bufw.WriteString(postdata) bufw.Flush() - resp, err := http.ReadResponse(bufr, &http.Request{Method: "GET"}) + resp, err := http.ReadResponse(bufr, &http.Request{Method: "POST"}) if err != nil { - err = fmt.Errorf("http.ReadResponse: %w", err) - return + return connresp, fmt.Errorf("http.ReadResponse: %w", err) } + defer resp.Body.Close() if resp.StatusCode != http.StatusSwitchingProtocols { - defer resp.Body.Close() - body, _ := ioutil.ReadAll(resp.Body) + ctxlog.FromContext(ctx).Infof("rpc.Conn.socket: server %s did not switch protocols, got status %s", u.String(), resp.Status) + body, _ := ioutil.ReadAll(io.LimitReader(resp.Body, 10000)) var message string var errDoc httpserver.ErrorResponse if err := json.Unmarshal(body, &errDoc); err == nil { @@ -391,17 +482,16 @@ func (conn *Conn) ContainerSSH(ctx context.Context, options arvados.ContainerSSH } else { message = fmt.Sprintf("%q", body) } - err = fmt.Errorf("server did not provide a tunnel: %s (HTTP %d)", message, resp.StatusCode) - return + return connresp, httpserver.ErrorWithStatus(fmt.Errorf("server did not provide a tunnel: %s: %s", resp.Status, message), resp.StatusCode) } - if strings.ToLower(resp.Header.Get("Upgrade")) != "ssh" || + if strings.ToLower(resp.Header.Get("Upgrade")) != upgradeHeader || strings.ToLower(resp.Header.Get("Connection")) != "upgrade" { - err = fmt.Errorf("bad response from server: Upgrade %q Connection %q", resp.Header.Get("Upgrade"), resp.Header.Get("Connection")) - return + return connresp, httpserver.ErrorWithStatus(fmt.Errorf("bad response from server: Upgrade %q Connection %q", resp.Header.Get("Upgrade"), resp.Header.Get("Connection")), http.StatusBadGateway) } - sshconn.Conn = netconn - sshconn.Bufrw = &bufio.ReadWriter{Reader: bufr, Writer: bufw} - return + connresp.Conn = netconn + connresp.Bufrw = &bufio.ReadWriter{Reader: bufr, Writer: bufw} + connresp.Header = resp.Header + return connresp, nil } func (conn *Conn) ContainerRequestCreate(ctx context.Context, options arvados.CreateOptions) (arvados.ContainerRequest, error) { @@ -439,6 +529,26 @@ func (conn *Conn) ContainerRequestDelete(ctx context.Context, options arvados.De return resp, err } +func (conn *Conn) ContainerRequestContainerStatus(ctx context.Context, options arvados.GetOptions) (arvados.ContainerStatus, error) { + ep := arvados.EndpointContainerRequestContainerStatus + var resp arvados.ContainerStatus + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) ContainerRequestLog(ctx context.Context, options arvados.ContainerLogOptions) (resp http.Handler, err error) { + proxy := &httputil.ReverseProxy{ + Transport: conn.httpClient.Transport, + Director: func(r *http.Request) { + u := conn.baseURL + u.Path = r.URL.Path + u.RawQuery = fmt.Sprintf("no_forward=%v", options.NoForward) + r.URL = &u + }, + } + return proxy, nil +} + func (conn *Conn) GroupCreate(ctx context.Context, options arvados.CreateOptions) (arvados.Group, error) { ep := arvados.EndpointGroupCreate var resp arvados.Group @@ -537,37 +647,44 @@ func (conn *Conn) LinkDelete(ctx context.Context, options arvados.DeleteOptions) return resp, err } -func (conn *Conn) SpecimenCreate(ctx context.Context, options arvados.CreateOptions) (arvados.Specimen, error) { - ep := arvados.EndpointSpecimenCreate - var resp arvados.Specimen +func (conn *Conn) LogCreate(ctx context.Context, options arvados.CreateOptions) (arvados.Log, error) { + ep := arvados.EndpointLogCreate + var resp arvados.Log + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) LogUpdate(ctx context.Context, options arvados.UpdateOptions) (arvados.Log, error) { + ep := arvados.EndpointLogUpdate + var resp arvados.Log err := conn.requestAndDecode(ctx, &resp, ep, nil, options) return resp, err } -func (conn *Conn) SpecimenUpdate(ctx context.Context, options arvados.UpdateOptions) (arvados.Specimen, error) { - ep := arvados.EndpointSpecimenUpdate - var resp arvados.Specimen +func (conn *Conn) LogGet(ctx context.Context, options arvados.GetOptions) (arvados.Log, error) { + ep := arvados.EndpointLogGet + var resp arvados.Log err := conn.requestAndDecode(ctx, &resp, ep, nil, options) return resp, err } -func (conn *Conn) SpecimenGet(ctx context.Context, options arvados.GetOptions) (arvados.Specimen, error) { - ep := arvados.EndpointSpecimenGet - var resp arvados.Specimen +func (conn *Conn) LogList(ctx context.Context, options arvados.ListOptions) (arvados.LogList, error) { + ep := arvados.EndpointLogList + var resp arvados.LogList err := conn.requestAndDecode(ctx, &resp, ep, nil, options) return resp, err } -func (conn *Conn) SpecimenList(ctx context.Context, options arvados.ListOptions) (arvados.SpecimenList, error) { - ep := arvados.EndpointSpecimenList - var resp arvados.SpecimenList +func (conn *Conn) LogDelete(ctx context.Context, options arvados.DeleteOptions) (arvados.Log, error) { + ep := arvados.EndpointLogDelete + var resp arvados.Log err := conn.requestAndDecode(ctx, &resp, ep, nil, options) return resp, err } -func (conn *Conn) SpecimenDelete(ctx context.Context, options arvados.DeleteOptions) (arvados.Specimen, error) { - ep := arvados.EndpointSpecimenDelete - var resp arvados.Specimen +func (conn *Conn) SysTrashSweep(ctx context.Context, options struct{}) (struct{}, error) { + ep := arvados.EndpointSysTrashSweep + var resp struct{} err := conn.requestAndDecode(ctx, &resp, ep, nil, options) return resp, err } @@ -645,6 +762,36 @@ func (conn *Conn) APIClientAuthorizationCurrent(ctx context.Context, options arv err := conn.requestAndDecode(ctx, &resp, ep, nil, options) return resp, err } +func (conn *Conn) APIClientAuthorizationCreate(ctx context.Context, options arvados.CreateOptions) (arvados.APIClientAuthorization, error) { + ep := arvados.EndpointAPIClientAuthorizationCreate + var resp arvados.APIClientAuthorization + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} +func (conn *Conn) APIClientAuthorizationUpdate(ctx context.Context, options arvados.UpdateOptions) (arvados.APIClientAuthorization, error) { + ep := arvados.EndpointAPIClientAuthorizationUpdate + var resp arvados.APIClientAuthorization + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} +func (conn *Conn) APIClientAuthorizationDelete(ctx context.Context, options arvados.DeleteOptions) (arvados.APIClientAuthorization, error) { + ep := arvados.EndpointAPIClientAuthorizationDelete + var resp arvados.APIClientAuthorization + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} +func (conn *Conn) APIClientAuthorizationList(ctx context.Context, options arvados.ListOptions) (arvados.APIClientAuthorizationList, error) { + ep := arvados.EndpointAPIClientAuthorizationList + var resp arvados.APIClientAuthorizationList + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} +func (conn *Conn) APIClientAuthorizationGet(ctx context.Context, options arvados.GetOptions) (arvados.APIClientAuthorization, error) { + ep := arvados.EndpointAPIClientAuthorizationGet + var resp arvados.APIClientAuthorization + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} type UserSessionAuthInfo struct { UserUUID string `json:"user_uuid"`