mirror of
https://github.com/prometheus/prometheus.git
synced 2025-01-13 06:47:28 -08:00
Resolve merge conflicts
This commit is contained in:
commit
ac702f66eb
29
CHANGELOG.md
29
CHANGELOG.md
|
@ -1,3 +1,32 @@
|
||||||
|
## 1.2.1 / 2016-10-10
|
||||||
|
|
||||||
|
* [BUGFIX] Count chunk evictions properly so that the server doesn't
|
||||||
|
assume it runs out of memory and subsequencly throttles ingestion.
|
||||||
|
* [BUGFIX] Use Go1.7.1 for prebuilt binaries to fix issues on MacOS Sierra.
|
||||||
|
|
||||||
|
## 1.2.0 / 2016-10-07
|
||||||
|
|
||||||
|
* [FEATURE] Cleaner encoding of query parameters in `/graph` URLs.
|
||||||
|
* [FEATURE] PromQL: Add `minute()` function.
|
||||||
|
* [FEATURE] Add GCE service discovery.
|
||||||
|
* [FEATURE] Allow any valid UTF-8 string as job name.
|
||||||
|
* [FEATURE] Allow disabling local storage.
|
||||||
|
* [FEATURE] EC2 service discovery: Expose `ec2_instance_state`.
|
||||||
|
* [ENHANCEMENT] Various performance improvements in local storage.
|
||||||
|
* [BUGFIX] Zookeeper service discovery: Remove deleted nodes.
|
||||||
|
* [BUGFIX] Zookeeper service discovery: Resync state after Zookeeper failure.
|
||||||
|
* [BUGFIX] Remove JSON from HTTP Accept header.
|
||||||
|
* [BUGFIX] Fix flag validation of Alertmanager URL.
|
||||||
|
* [BUGFIX] Fix race condition on shutdown.
|
||||||
|
* [BUGFIX] Do not fail Consul discovery on Prometheus startup when Consul
|
||||||
|
is down.
|
||||||
|
* [BUGFIX] Handle NaN in `changes()` correctly.
|
||||||
|
* [CHANGE] **Experimental** remote write path: Remove use of gRPC.
|
||||||
|
* [CHANGE] **Experimental** remote write path: Configuration via config file
|
||||||
|
rather than command line flags.
|
||||||
|
* [FEATURE] **Experimental** remote write path: Add HTTP basic auth and TLS.
|
||||||
|
* [FEATURE] **Experimental** remote write path: Support for relabelling.
|
||||||
|
|
||||||
## 1.1.3 / 2016-09-16
|
## 1.1.3 / 2016-09-16
|
||||||
|
|
||||||
* [ENHANCEMENT] Use golang-builder base image for tests in CircleCI.
|
* [ENHANCEMENT] Use golang-builder base image for tests in CircleCI.
|
||||||
|
|
6
NOTICE
6
NOTICE
|
@ -18,6 +18,12 @@ Original written by @mdo and @fat
|
||||||
Copyright 2014 Bass Jobsen @bassjobsen
|
Copyright 2014 Bass Jobsen @bassjobsen
|
||||||
Licensed under the Apache License, Version 2.0
|
Licensed under the Apache License, Version 2.0
|
||||||
|
|
||||||
|
fuzzy
|
||||||
|
https://github.com/mattyork/fuzzy
|
||||||
|
Original written by @mattyork
|
||||||
|
Copyright 2012 Matt York
|
||||||
|
Licensed under the MIT License
|
||||||
|
|
||||||
bootstrap-datetimepicker.js
|
bootstrap-datetimepicker.js
|
||||||
http://www.eyecon.ro/bootstrap-datepicker
|
http://www.eyecon.ro/bootstrap-datepicker
|
||||||
Copyright 2012 Stefan Petre
|
Copyright 2012 Stefan Petre
|
||||||
|
|
|
@ -127,10 +127,7 @@ var (
|
||||||
}
|
}
|
||||||
|
|
||||||
// DefaultKubernetesSDConfig is the default Kubernetes SD configuration
|
// DefaultKubernetesSDConfig is the default Kubernetes SD configuration
|
||||||
DefaultKubernetesSDConfig = KubernetesSDConfig{
|
DefaultKubernetesSDConfig = KubernetesSDConfig{}
|
||||||
RequestTimeout: model.Duration(10 * time.Second),
|
|
||||||
RetryInterval: model.Duration(1 * time.Second),
|
|
||||||
}
|
|
||||||
|
|
||||||
// DefaultGCESDConfig is the default EC2 SD configuration.
|
// DefaultGCESDConfig is the default EC2 SD configuration.
|
||||||
DefaultGCESDConfig = GCESDConfig{
|
DefaultGCESDConfig = GCESDConfig{
|
||||||
|
@ -804,31 +801,13 @@ func (c *MarathonSDConfig) UnmarshalYAML(unmarshal func(interface{}) error) erro
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// KubernetesSDConfig is the configuration for Kubernetes service discovery.
|
|
||||||
type KubernetesSDConfig struct {
|
|
||||||
APIServers []URL `yaml:"api_servers"`
|
|
||||||
Role KubernetesRole `yaml:"role"`
|
|
||||||
InCluster bool `yaml:"in_cluster,omitempty"`
|
|
||||||
BasicAuth *BasicAuth `yaml:"basic_auth,omitempty"`
|
|
||||||
BearerToken string `yaml:"bearer_token,omitempty"`
|
|
||||||
BearerTokenFile string `yaml:"bearer_token_file,omitempty"`
|
|
||||||
RetryInterval model.Duration `yaml:"retry_interval,omitempty"`
|
|
||||||
RequestTimeout model.Duration `yaml:"request_timeout,omitempty"`
|
|
||||||
TLSConfig TLSConfig `yaml:"tls_config,omitempty"`
|
|
||||||
|
|
||||||
// Catches all undefined fields and must be empty after parsing.
|
|
||||||
XXX map[string]interface{} `yaml:",inline"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type KubernetesRole string
|
type KubernetesRole string
|
||||||
|
|
||||||
const (
|
const (
|
||||||
KubernetesRoleNode = "node"
|
KubernetesRoleNode = "node"
|
||||||
KubernetesRolePod = "pod"
|
KubernetesRolePod = "pod"
|
||||||
KubernetesRoleContainer = "container"
|
KubernetesRoleService = "service"
|
||||||
KubernetesRoleService = "service"
|
KubernetesRoleEndpoint = "endpoints"
|
||||||
KubernetesRoleEndpoint = "endpoint"
|
|
||||||
KubernetesRoleAPIServer = "apiserver"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func (c *KubernetesRole) UnmarshalYAML(unmarshal func(interface{}) error) error {
|
func (c *KubernetesRole) UnmarshalYAML(unmarshal func(interface{}) error) error {
|
||||||
|
@ -836,16 +815,29 @@ func (c *KubernetesRole) UnmarshalYAML(unmarshal func(interface{}) error) error
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
switch *c {
|
switch *c {
|
||||||
case KubernetesRoleNode, KubernetesRolePod, KubernetesRoleContainer, KubernetesRoleService, KubernetesRoleEndpoint, KubernetesRoleAPIServer:
|
case KubernetesRoleNode, KubernetesRolePod, KubernetesRoleService, KubernetesRoleEndpoint:
|
||||||
return nil
|
return nil
|
||||||
default:
|
default:
|
||||||
return fmt.Errorf("Unknown Kubernetes SD role %q", *c)
|
return fmt.Errorf("Unknown Kubernetes SD role %q", *c)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// KubernetesSDConfig is the configuration for Kubernetes service discovery.
|
||||||
|
type KubernetesSDConfig struct {
|
||||||
|
APIServer URL `yaml:"api_server"`
|
||||||
|
Role KubernetesRole `yaml:"role"`
|
||||||
|
BasicAuth *BasicAuth `yaml:"basic_auth,omitempty"`
|
||||||
|
BearerToken string `yaml:"bearer_token,omitempty"`
|
||||||
|
BearerTokenFile string `yaml:"bearer_token_file,omitempty"`
|
||||||
|
TLSConfig TLSConfig `yaml:"tls_config,omitempty"`
|
||||||
|
|
||||||
|
// Catches all undefined fields and must be empty after parsing.
|
||||||
|
XXX map[string]interface{} `yaml:",inline"`
|
||||||
|
}
|
||||||
|
|
||||||
// UnmarshalYAML implements the yaml.Unmarshaler interface.
|
// UnmarshalYAML implements the yaml.Unmarshaler interface.
|
||||||
func (c *KubernetesSDConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
|
func (c *KubernetesSDConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
|
||||||
*c = DefaultKubernetesSDConfig
|
*c = KubernetesSDConfig{}
|
||||||
type plain KubernetesSDConfig
|
type plain KubernetesSDConfig
|
||||||
err := unmarshal((*plain)(c))
|
err := unmarshal((*plain)(c))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -855,10 +847,7 @@ func (c *KubernetesSDConfig) UnmarshalYAML(unmarshal func(interface{}) error) er
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if c.Role == "" {
|
if c.Role == "" {
|
||||||
return fmt.Errorf("role missing (one of: container, pod, service, endpoint, node, apiserver)")
|
return fmt.Errorf("role missing (one of: pod, service, endpoints, node)")
|
||||||
}
|
|
||||||
if len(c.APIServers) == 0 {
|
|
||||||
return fmt.Errorf("Kubernetes SD configuration requires at least one Kubernetes API server")
|
|
||||||
}
|
}
|
||||||
if len(c.BearerToken) > 0 && len(c.BearerTokenFile) > 0 {
|
if len(c.BearerToken) > 0 && len(c.BearerTokenFile) > 0 {
|
||||||
return fmt.Errorf("at most one of bearer_token & bearer_token_file must be configured")
|
return fmt.Errorf("at most one of bearer_token & bearer_token_file must be configured")
|
||||||
|
@ -899,7 +888,7 @@ func (c *GCESDConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if err := checkOverflow(c.XXX, "ec2_sd_config"); err != nil {
|
if err := checkOverflow(c.XXX, "gce_sd_config"); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if c.Project == "" {
|
if c.Project == "" {
|
||||||
|
|
|
@ -235,14 +235,12 @@ var expectedConf = &Config{
|
||||||
|
|
||||||
KubernetesSDConfigs: []*KubernetesSDConfig{
|
KubernetesSDConfigs: []*KubernetesSDConfig{
|
||||||
{
|
{
|
||||||
APIServers: []URL{kubernetesSDHostURL()},
|
APIServer: kubernetesSDHostURL(),
|
||||||
Role: KubernetesRoleEndpoint,
|
Role: KubernetesRoleEndpoint,
|
||||||
BasicAuth: &BasicAuth{
|
BasicAuth: &BasicAuth{
|
||||||
Username: "myusername",
|
Username: "myusername",
|
||||||
Password: "mypassword",
|
Password: "mypassword",
|
||||||
},
|
},
|
||||||
RequestTimeout: model.Duration(10 * time.Second),
|
|
||||||
RetryInterval: model.Duration(1 * time.Second),
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
5
config/testdata/conf.good.yml
vendored
5
config/testdata/conf.good.yml
vendored
|
@ -115,9 +115,8 @@ scrape_configs:
|
||||||
- job_name: service-kubernetes
|
- job_name: service-kubernetes
|
||||||
|
|
||||||
kubernetes_sd_configs:
|
kubernetes_sd_configs:
|
||||||
- role: endpoint
|
- role: endpoints
|
||||||
api_servers:
|
api_server: 'https://localhost:1234'
|
||||||
- 'https://localhost:1234'
|
|
||||||
|
|
||||||
basic_auth:
|
basic_auth:
|
||||||
username: 'myusername'
|
username: 'myusername'
|
||||||
|
|
|
@ -3,8 +3,7 @@ scrape_configs:
|
||||||
|
|
||||||
kubernetes_sd_configs:
|
kubernetes_sd_configs:
|
||||||
- role: node
|
- role: node
|
||||||
api_servers:
|
api_server: 'https://localhost:1234'
|
||||||
- 'https://localhost:1234'
|
|
||||||
|
|
||||||
bearer_token: 1234
|
bearer_token: 1234
|
||||||
bearer_token_file: somefile
|
bearer_token_file: somefile
|
||||||
|
|
|
@ -3,8 +3,7 @@ scrape_configs:
|
||||||
|
|
||||||
kubernetes_sd_configs:
|
kubernetes_sd_configs:
|
||||||
- role: pod
|
- role: pod
|
||||||
api_servers:
|
api_server: 'https://localhost:1234'
|
||||||
- 'https://localhost:1234'
|
|
||||||
|
|
||||||
bearer_token: 1234
|
bearer_token: 1234
|
||||||
basic_auth:
|
basic_auth:
|
||||||
|
|
|
@ -218,22 +218,27 @@ func contextDone(ctx context.Context, env string) error {
|
||||||
// Engine handles the lifetime of queries from beginning to end.
|
// Engine handles the lifetime of queries from beginning to end.
|
||||||
// It is connected to a querier.
|
// It is connected to a querier.
|
||||||
type Engine struct {
|
type Engine struct {
|
||||||
// The querier on which the engine operates.
|
// A Querier constructor against an underlying storage.
|
||||||
querier local.Querier
|
queryable Queryable
|
||||||
// The gate limiting the maximum number of concurrent and waiting queries.
|
// The gate limiting the maximum number of concurrent and waiting queries.
|
||||||
gate *queryGate
|
gate *queryGate
|
||||||
options *EngineOptions
|
options *EngineOptions
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Queryable allows opening a storage querier.
|
||||||
|
type Queryable interface {
|
||||||
|
Querier() (local.Querier, error)
|
||||||
|
}
|
||||||
|
|
||||||
// NewEngine returns a new engine.
|
// NewEngine returns a new engine.
|
||||||
func NewEngine(querier local.Querier, o *EngineOptions) *Engine {
|
func NewEngine(queryable Queryable, o *EngineOptions) *Engine {
|
||||||
if o == nil {
|
if o == nil {
|
||||||
o = DefaultEngineOptions
|
o = DefaultEngineOptions
|
||||||
}
|
}
|
||||||
return &Engine{
|
return &Engine{
|
||||||
querier: querier,
|
queryable: queryable,
|
||||||
gate: newQueryGate(o.MaxConcurrentQueries),
|
gate: newQueryGate(o.MaxConcurrentQueries),
|
||||||
options: o,
|
options: o,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -351,13 +356,18 @@ func (ng *Engine) exec(ctx context.Context, q *query) (model.Value, error) {
|
||||||
|
|
||||||
// execEvalStmt evaluates the expression of an evaluation statement for the given time range.
|
// execEvalStmt evaluates the expression of an evaluation statement for the given time range.
|
||||||
func (ng *Engine) execEvalStmt(ctx context.Context, query *query, s *EvalStmt) (model.Value, error) {
|
func (ng *Engine) execEvalStmt(ctx context.Context, query *query, s *EvalStmt) (model.Value, error) {
|
||||||
|
querier, err := ng.queryable.Querier()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
defer querier.Close()
|
||||||
|
|
||||||
prepareTimer := query.stats.GetTimer(stats.QueryPreparationTime).Start()
|
prepareTimer := query.stats.GetTimer(stats.QueryPreparationTime).Start()
|
||||||
err := ng.populateIterators(ctx, s)
|
err = ng.populateIterators(ctx, querier, s)
|
||||||
prepareTimer.Stop()
|
prepareTimer.Stop()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
defer ng.closeIterators(s)
|
defer ng.closeIterators(s)
|
||||||
|
|
||||||
evalTimer := query.stats.GetTimer(stats.InnerEvalTime).Start()
|
evalTimer := query.stats.GetTimer(stats.InnerEvalTime).Start()
|
||||||
|
@ -463,20 +473,20 @@ func (ng *Engine) execEvalStmt(ctx context.Context, query *query, s *EvalStmt) (
|
||||||
return resMatrix, nil
|
return resMatrix, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ng *Engine) populateIterators(ctx context.Context, s *EvalStmt) error {
|
func (ng *Engine) populateIterators(ctx context.Context, querier local.Querier, s *EvalStmt) error {
|
||||||
var queryErr error
|
var queryErr error
|
||||||
Inspect(s.Expr, func(node Node) bool {
|
Inspect(s.Expr, func(node Node) bool {
|
||||||
switch n := node.(type) {
|
switch n := node.(type) {
|
||||||
case *VectorSelector:
|
case *VectorSelector:
|
||||||
if s.Start.Equal(s.End) {
|
if s.Start.Equal(s.End) {
|
||||||
n.iterators, queryErr = ng.querier.QueryInstant(
|
n.iterators, queryErr = querier.QueryInstant(
|
||||||
ctx,
|
ctx,
|
||||||
s.Start.Add(-n.Offset),
|
s.Start.Add(-n.Offset),
|
||||||
StalenessDelta,
|
StalenessDelta,
|
||||||
n.LabelMatchers...,
|
n.LabelMatchers...,
|
||||||
)
|
)
|
||||||
} else {
|
} else {
|
||||||
n.iterators, queryErr = ng.querier.QueryRange(
|
n.iterators, queryErr = querier.QueryRange(
|
||||||
ctx,
|
ctx,
|
||||||
s.Start.Add(-n.Offset-StalenessDelta),
|
s.Start.Add(-n.Offset-StalenessDelta),
|
||||||
s.End.Add(-n.Offset),
|
s.End.Add(-n.Offset),
|
||||||
|
@ -487,7 +497,7 @@ func (ng *Engine) populateIterators(ctx context.Context, s *EvalStmt) error {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
case *MatrixSelector:
|
case *MatrixSelector:
|
||||||
n.iterators, queryErr = ng.querier.QueryRange(
|
n.iterators, queryErr = querier.QueryRange(
|
||||||
ctx,
|
ctx,
|
||||||
s.Start.Add(-n.Offset-n.Range),
|
s.Start.Add(-n.Offset-n.Range),
|
||||||
s.End.Add(-n.Offset),
|
s.End.Add(-n.Offset),
|
||||||
|
|
|
@ -61,12 +61,17 @@ func relabel(labels model.LabelSet, cfg *config.RelabelConfig) model.LabelSet {
|
||||||
if indexes == nil {
|
if indexes == nil {
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
|
target := model.LabelName(cfg.Regex.ExpandString([]byte{}, string(cfg.TargetLabel), val, indexes))
|
||||||
|
if !target.IsValid() {
|
||||||
|
delete(labels, cfg.TargetLabel)
|
||||||
|
break
|
||||||
|
}
|
||||||
res := cfg.Regex.ExpandString([]byte{}, cfg.Replacement, val, indexes)
|
res := cfg.Regex.ExpandString([]byte{}, cfg.Replacement, val, indexes)
|
||||||
if len(res) == 0 {
|
if len(res) == 0 {
|
||||||
delete(labels, cfg.TargetLabel)
|
delete(labels, cfg.TargetLabel)
|
||||||
} else {
|
break
|
||||||
labels[cfg.TargetLabel] = model.LabelValue(res)
|
|
||||||
}
|
}
|
||||||
|
labels[target] = model.LabelValue(res)
|
||||||
case config.RelabelHashMod:
|
case config.RelabelHashMod:
|
||||||
mod := sum64(md5.Sum([]byte(val))) % cfg.Modulus
|
mod := sum64(md5.Sum([]byte(val))) % cfg.Modulus
|
||||||
labels[cfg.TargetLabel] = model.LabelValue(fmt.Sprintf("%d", mod))
|
labels[cfg.TargetLabel] = model.LabelValue(fmt.Sprintf("%d", mod))
|
||||||
|
|
|
@ -277,6 +277,106 @@ func TestRelabel(t *testing.T) {
|
||||||
"my_baz": "bbb",
|
"my_baz": "bbb",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
{ // valid case
|
||||||
|
input: model.LabelSet{
|
||||||
|
"a": "some-name-value",
|
||||||
|
},
|
||||||
|
relabel: []*config.RelabelConfig{
|
||||||
|
{
|
||||||
|
SourceLabels: model.LabelNames{"a"},
|
||||||
|
Regex: config.MustNewRegexp("some-([^-]+)-([^,]+)"),
|
||||||
|
Action: config.RelabelReplace,
|
||||||
|
Replacement: "${2}",
|
||||||
|
TargetLabel: model.LabelName("${1}"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
output: model.LabelSet{
|
||||||
|
"a": "some-name-value",
|
||||||
|
"name": "value",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{ // invalid replacement ""
|
||||||
|
input: model.LabelSet{
|
||||||
|
"a": "some-name-value",
|
||||||
|
},
|
||||||
|
relabel: []*config.RelabelConfig{
|
||||||
|
{
|
||||||
|
SourceLabels: model.LabelNames{"a"},
|
||||||
|
Regex: config.MustNewRegexp("some-([^-]+)-([^,]+)"),
|
||||||
|
Action: config.RelabelReplace,
|
||||||
|
Replacement: "${3}",
|
||||||
|
TargetLabel: model.LabelName("${1}"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
output: model.LabelSet{
|
||||||
|
"a": "some-name-value",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{ // invalid target_labels
|
||||||
|
input: model.LabelSet{
|
||||||
|
"a": "some-name-value",
|
||||||
|
},
|
||||||
|
relabel: []*config.RelabelConfig{
|
||||||
|
{
|
||||||
|
SourceLabels: model.LabelNames{"a"},
|
||||||
|
Regex: config.MustNewRegexp("some-([^-]+)-([^,]+)"),
|
||||||
|
Action: config.RelabelReplace,
|
||||||
|
Replacement: "${1}",
|
||||||
|
TargetLabel: model.LabelName("${3}"),
|
||||||
|
},
|
||||||
|
{
|
||||||
|
SourceLabels: model.LabelNames{"a"},
|
||||||
|
Regex: config.MustNewRegexp("some-([^-]+)-([^,]+)"),
|
||||||
|
Action: config.RelabelReplace,
|
||||||
|
Replacement: "${1}",
|
||||||
|
TargetLabel: model.LabelName("0${3}"),
|
||||||
|
},
|
||||||
|
{
|
||||||
|
SourceLabels: model.LabelNames{"a"},
|
||||||
|
Regex: config.MustNewRegexp("some-([^-]+)-([^,]+)"),
|
||||||
|
Action: config.RelabelReplace,
|
||||||
|
Replacement: "${1}",
|
||||||
|
TargetLabel: model.LabelName("-${3}"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
output: model.LabelSet{
|
||||||
|
"a": "some-name-value",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{ // more complex real-life like usecase
|
||||||
|
input: model.LabelSet{
|
||||||
|
"__meta_sd_tags": "path:/secret,job:some-job,label:foo=bar",
|
||||||
|
},
|
||||||
|
relabel: []*config.RelabelConfig{
|
||||||
|
{
|
||||||
|
SourceLabels: model.LabelNames{"__meta_sd_tags"},
|
||||||
|
Regex: config.MustNewRegexp("(?:.+,|^)path:(/[^,]+).*"),
|
||||||
|
Action: config.RelabelReplace,
|
||||||
|
Replacement: "${1}",
|
||||||
|
TargetLabel: model.LabelName("__metrics_path__"),
|
||||||
|
},
|
||||||
|
{
|
||||||
|
SourceLabels: model.LabelNames{"__meta_sd_tags"},
|
||||||
|
Regex: config.MustNewRegexp("(?:.+,|^)job:([^,]+).*"),
|
||||||
|
Action: config.RelabelReplace,
|
||||||
|
Replacement: "${1}",
|
||||||
|
TargetLabel: model.LabelName("job"),
|
||||||
|
},
|
||||||
|
{
|
||||||
|
SourceLabels: model.LabelNames{"__meta_sd_tags"},
|
||||||
|
Regex: config.MustNewRegexp("(?:.+,|^)label:([^=]+)=([^,]+).*"),
|
||||||
|
Action: config.RelabelReplace,
|
||||||
|
Replacement: "${2}",
|
||||||
|
TargetLabel: model.LabelName("${1}"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
output: model.LabelSet{
|
||||||
|
"__meta_sd_tags": "path:/secret,job:some-job,label:foo=bar",
|
||||||
|
"__metrics_path__": "/secret",
|
||||||
|
"job": "some-job",
|
||||||
|
"foo": "bar",
|
||||||
|
},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for i, test := range tests {
|
for i, test := range tests {
|
||||||
|
|
|
@ -14,6 +14,7 @@
|
||||||
package discovery
|
package discovery
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"github.com/prometheus/common/log"
|
||||||
"github.com/prometheus/prometheus/config"
|
"github.com/prometheus/prometheus/config"
|
||||||
"github.com/prometheus/prometheus/retrieval/discovery/consul"
|
"github.com/prometheus/prometheus/retrieval/discovery/consul"
|
||||||
"github.com/prometheus/prometheus/retrieval/discovery/dns"
|
"github.com/prometheus/prometheus/retrieval/discovery/dns"
|
||||||
|
@ -27,15 +28,8 @@ func NewConsul(cfg *config.ConsulSDConfig) (*consul.Discovery, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewKubernetesDiscovery creates a Kubernetes service discovery based on the passed-in configuration.
|
// NewKubernetesDiscovery creates a Kubernetes service discovery based on the passed-in configuration.
|
||||||
func NewKubernetesDiscovery(conf *config.KubernetesSDConfig) (*kubernetes.Discovery, error) {
|
func NewKubernetesDiscovery(conf *config.KubernetesSDConfig) (*kubernetes.Kubernetes, error) {
|
||||||
kd := &kubernetes.Discovery{
|
return kubernetes.New(log.Base(), conf)
|
||||||
Conf: conf,
|
|
||||||
}
|
|
||||||
err := kd.Initialize()
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return kd, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewMarathon creates a new Marathon based discovery.
|
// NewMarathon creates a new Marathon based discovery.
|
||||||
|
|
|
@ -29,18 +29,21 @@ import (
|
||||||
"golang.org/x/oauth2/google"
|
"golang.org/x/oauth2/google"
|
||||||
|
|
||||||
"github.com/prometheus/prometheus/config"
|
"github.com/prometheus/prometheus/config"
|
||||||
|
"github.com/prometheus/prometheus/util/strutil"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
gceLabel = model.MetaLabelPrefix + "gce_"
|
gceLabel = model.MetaLabelPrefix + "gce_"
|
||||||
gceLabelProject = gceLabel + "project"
|
gceLabelProject = gceLabel + "project"
|
||||||
gceLabelZone = gceLabel + "zone"
|
gceLabelZone = gceLabel + "zone"
|
||||||
gceLabelNetwork = gceLabel + "network"
|
gceLabelNetwork = gceLabel + "network"
|
||||||
gceLabelSubnetwork = gceLabel + "subnetwork"
|
gceLabelSubnetwork = gceLabel + "subnetwork"
|
||||||
gceLabelPublicIP = gceLabel + "public_ip"
|
gceLabelPublicIP = gceLabel + "public_ip"
|
||||||
gceLabelPrivateIP = gceLabel + "private_ip"
|
gceLabelPrivateIP = gceLabel + "private_ip"
|
||||||
gceLabelInstanceName = gceLabel + "instance_name"
|
gceLabelInstanceName = gceLabel + "instance_name"
|
||||||
gceLabelTags = gceLabel + "tags"
|
gceLabelInstanceStatus = gceLabel + "instance_status"
|
||||||
|
gceLabelTags = gceLabel + "tags"
|
||||||
|
gceLabelMetadata = gceLabel + "metadata_"
|
||||||
|
|
||||||
// Constants for instrumentation.
|
// Constants for instrumentation.
|
||||||
namespace = "prometheus"
|
namespace = "prometheus"
|
||||||
|
@ -164,9 +167,10 @@ func (gd *GCEDiscovery) refresh() (tg *config.TargetGroup, err error) {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
labels := model.LabelSet{
|
labels := model.LabelSet{
|
||||||
gceLabelProject: model.LabelValue(gd.project),
|
gceLabelProject: model.LabelValue(gd.project),
|
||||||
gceLabelZone: model.LabelValue(inst.Zone),
|
gceLabelZone: model.LabelValue(inst.Zone),
|
||||||
gceLabelInstanceName: model.LabelValue(inst.Name),
|
gceLabelInstanceName: model.LabelValue(inst.Name),
|
||||||
|
gceLabelInstanceStatus: model.LabelValue(inst.Status),
|
||||||
}
|
}
|
||||||
priIface := inst.NetworkInterfaces[0]
|
priIface := inst.NetworkInterfaces[0]
|
||||||
labels[gceLabelNetwork] = model.LabelValue(priIface.Network)
|
labels[gceLabelNetwork] = model.LabelValue(priIface.Network)
|
||||||
|
@ -175,6 +179,7 @@ func (gd *GCEDiscovery) refresh() (tg *config.TargetGroup, err error) {
|
||||||
addr := fmt.Sprintf("%s:%d", priIface.NetworkIP, gd.port)
|
addr := fmt.Sprintf("%s:%d", priIface.NetworkIP, gd.port)
|
||||||
labels[model.AddressLabel] = model.LabelValue(addr)
|
labels[model.AddressLabel] = model.LabelValue(addr)
|
||||||
|
|
||||||
|
// Tags in GCE are usually only used for networking rules.
|
||||||
if inst.Tags != nil && len(inst.Tags.Items) > 0 {
|
if inst.Tags != nil && len(inst.Tags.Items) > 0 {
|
||||||
// We surround the separated list with the separator as well. This way regular expressions
|
// We surround the separated list with the separator as well. This way regular expressions
|
||||||
// in relabeling rules don't have to consider tag positions.
|
// in relabeling rules don't have to consider tag positions.
|
||||||
|
@ -182,6 +187,18 @@ func (gd *GCEDiscovery) refresh() (tg *config.TargetGroup, err error) {
|
||||||
labels[gceLabelTags] = model.LabelValue(tags)
|
labels[gceLabelTags] = model.LabelValue(tags)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// GCE metadata are key-value pairs for user supplied attributes.
|
||||||
|
if inst.Metadata != nil {
|
||||||
|
for _, i := range inst.Metadata.Items {
|
||||||
|
// Protect against occasional nil pointers.
|
||||||
|
if i.Value == nil {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
name := strutil.SanitizeLabelName(i.Key)
|
||||||
|
labels[gceLabelMetadata+model.LabelName(name)] = model.LabelValue(*i.Value)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if len(priIface.AccessConfigs) > 0 {
|
if len(priIface.AccessConfigs) > 0 {
|
||||||
ac := priIface.AccessConfigs[0]
|
ac := priIface.AccessConfigs[0]
|
||||||
if ac.Type == "ONE_TO_ONE_NAT" {
|
if ac.Type == "ONE_TO_ONE_NAT" {
|
||||||
|
|
|
@ -1,296 +0,0 @@
|
||||||
// Copyright 2015 The Prometheus Authors
|
|
||||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
// you may not use this file except in compliance with the License.
|
|
||||||
// You may obtain a copy of the License at
|
|
||||||
//
|
|
||||||
// http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
//
|
|
||||||
// Unless required by applicable law or agreed to in writing, software
|
|
||||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
// See the License for the specific language governing permissions and
|
|
||||||
// limitations under the License.
|
|
||||||
|
|
||||||
package kubernetes
|
|
||||||
|
|
||||||
import (
|
|
||||||
"fmt"
|
|
||||||
"io/ioutil"
|
|
||||||
"net"
|
|
||||||
"net/http"
|
|
||||||
"os"
|
|
||||||
"sync"
|
|
||||||
"time"
|
|
||||||
|
|
||||||
"github.com/prometheus/common/log"
|
|
||||||
"github.com/prometheus/common/model"
|
|
||||||
"golang.org/x/net/context"
|
|
||||||
|
|
||||||
"github.com/prometheus/prometheus/config"
|
|
||||||
"github.com/prometheus/prometheus/util/httputil"
|
|
||||||
)
|
|
||||||
|
|
||||||
const (
|
|
||||||
// kubernetesMetaLabelPrefix is the meta prefix used for all meta labels.
|
|
||||||
// in this discovery.
|
|
||||||
metaLabelPrefix = model.MetaLabelPrefix + "kubernetes_"
|
|
||||||
|
|
||||||
// roleLabel is the name for the label containing a target's role.
|
|
||||||
roleLabel = metaLabelPrefix + "role"
|
|
||||||
|
|
||||||
sourcePodPrefix = "pods"
|
|
||||||
// podsTargetGroupNAme is the name given to the target group for pods
|
|
||||||
podsTargetGroupName = "pods"
|
|
||||||
// podNamespaceLabel is the name for the label containing a target pod's namespace
|
|
||||||
podNamespaceLabel = metaLabelPrefix + "pod_namespace"
|
|
||||||
// podNameLabel is the name for the label containing a target pod's name
|
|
||||||
podNameLabel = metaLabelPrefix + "pod_name"
|
|
||||||
// podAddressLabel is the name for the label containing a target pod's IP address (the PodIP)
|
|
||||||
podAddressLabel = metaLabelPrefix + "pod_address"
|
|
||||||
// podContainerNameLabel is the name for the label containing a target's container name
|
|
||||||
podContainerNameLabel = metaLabelPrefix + "pod_container_name"
|
|
||||||
// podContainerPortNameLabel is the name for the label containing the name of the port selected for a target
|
|
||||||
podContainerPortNameLabel = metaLabelPrefix + "pod_container_port_name"
|
|
||||||
// PodContainerPortListLabel is the name for the label containing a list of all TCP ports on the target container
|
|
||||||
podContainerPortListLabel = metaLabelPrefix + "pod_container_port_list"
|
|
||||||
// PodContainerPortMapPrefix is the prefix used to create the names of labels that associate container port names to port values
|
|
||||||
// Such labels will be named (podContainerPortMapPrefix)_(PortName) = (ContainerPort)
|
|
||||||
podContainerPortMapPrefix = metaLabelPrefix + "pod_container_port_map_"
|
|
||||||
// podReadyLabel is the name for the label containing the 'Ready' status (true/false/unknown) for a target
|
|
||||||
podReadyLabel = metaLabelPrefix + "pod_ready"
|
|
||||||
// podLabelPrefix is the prefix for prom label names corresponding to k8s labels for a target pod
|
|
||||||
podLabelPrefix = metaLabelPrefix + "pod_label_"
|
|
||||||
// podAnnotationPrefix is the prefix for prom label names corresponding to k8s annotations for a target pod
|
|
||||||
podAnnotationPrefix = metaLabelPrefix + "pod_annotation_"
|
|
||||||
// podNodeLabel is the name for the label containing the name of the node that a pod is scheduled on to
|
|
||||||
podNodeNameLabel = metaLabelPrefix + "pod_node_name"
|
|
||||||
// podHostIPLabel is the name for the label containing the IP of the node that a pod is scheduled on to
|
|
||||||
podHostIPLabel = metaLabelPrefix + "pod_host_ip"
|
|
||||||
|
|
||||||
sourceServicePrefix = "services"
|
|
||||||
// serviceNamespaceLabel is the name for the label containing a target's service namespace.
|
|
||||||
serviceNamespaceLabel = metaLabelPrefix + "service_namespace"
|
|
||||||
// serviceNameLabel is the name for the label containing a target's service name.
|
|
||||||
serviceNameLabel = metaLabelPrefix + "service_name"
|
|
||||||
// serviceLabelPrefix is the prefix for the service labels.
|
|
||||||
serviceLabelPrefix = metaLabelPrefix + "service_label_"
|
|
||||||
// serviceAnnotationPrefix is the prefix for the service annotations.
|
|
||||||
serviceAnnotationPrefix = metaLabelPrefix + "service_annotation_"
|
|
||||||
|
|
||||||
// nodesTargetGroupName is the name given to the target group for nodes.
|
|
||||||
nodesTargetGroupName = "nodes"
|
|
||||||
// nodeLabelPrefix is the prefix for the node labels.
|
|
||||||
nodeLabelPrefix = metaLabelPrefix + "node_label_"
|
|
||||||
// nodeAddressPrefix is the prefix for the node addresses.
|
|
||||||
nodeAddressPrefix = metaLabelPrefix + "node_address_"
|
|
||||||
// nodePortLabel is the name of the label for the node port.
|
|
||||||
nodePortLabel = metaLabelPrefix + "node_port"
|
|
||||||
|
|
||||||
// apiServersTargetGroupName is the name given to the target group for API servers.
|
|
||||||
apiServersTargetGroupName = "apiServers"
|
|
||||||
|
|
||||||
serviceAccountToken = "/var/run/secrets/kubernetes.io/serviceaccount/token"
|
|
||||||
serviceAccountCACert = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
|
|
||||||
|
|
||||||
apiVersion = "v1"
|
|
||||||
apiPrefix = "/api/" + apiVersion
|
|
||||||
nodesURL = apiPrefix + "/nodes"
|
|
||||||
podsURL = apiPrefix + "/pods"
|
|
||||||
servicesURL = apiPrefix + "/services"
|
|
||||||
endpointsURL = apiPrefix + "/endpoints"
|
|
||||||
serviceEndpointsURL = apiPrefix + "/namespaces/%s/endpoints/%s"
|
|
||||||
)
|
|
||||||
|
|
||||||
// Discovery implements a TargetProvider for Kubernetes services.
|
|
||||||
type Discovery struct {
|
|
||||||
client *http.Client
|
|
||||||
Conf *config.KubernetesSDConfig
|
|
||||||
|
|
||||||
apiServers []config.URL
|
|
||||||
apiServersMu sync.RWMutex
|
|
||||||
}
|
|
||||||
|
|
||||||
// Initialize sets up the discovery for usage.
|
|
||||||
func (kd *Discovery) Initialize() error {
|
|
||||||
client, err := newKubernetesHTTPClient(kd.Conf)
|
|
||||||
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
kd.apiServers = kd.Conf.APIServers
|
|
||||||
kd.client = client
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Run implements the TargetProvider interface.
|
|
||||||
func (kd *Discovery) Run(ctx context.Context, ch chan<- []*config.TargetGroup) {
|
|
||||||
log.Debugf("Start Kubernetes service discovery")
|
|
||||||
defer close(ch)
|
|
||||||
|
|
||||||
switch kd.Conf.Role {
|
|
||||||
case config.KubernetesRolePod, config.KubernetesRoleContainer:
|
|
||||||
pd := &podDiscovery{
|
|
||||||
retryInterval: time.Duration(kd.Conf.RetryInterval),
|
|
||||||
kd: kd,
|
|
||||||
}
|
|
||||||
pd.run(ctx, ch)
|
|
||||||
case config.KubernetesRoleNode:
|
|
||||||
nd := &nodeDiscovery{
|
|
||||||
retryInterval: time.Duration(kd.Conf.RetryInterval),
|
|
||||||
kd: kd,
|
|
||||||
}
|
|
||||||
nd.run(ctx, ch)
|
|
||||||
case config.KubernetesRoleService, config.KubernetesRoleEndpoint:
|
|
||||||
sd := &serviceDiscovery{
|
|
||||||
retryInterval: time.Duration(kd.Conf.RetryInterval),
|
|
||||||
kd: kd,
|
|
||||||
}
|
|
||||||
sd.run(ctx, ch)
|
|
||||||
case config.KubernetesRoleAPIServer:
|
|
||||||
select {
|
|
||||||
case ch <- []*config.TargetGroup{kd.updateAPIServersTargetGroup()}:
|
|
||||||
case <-ctx.Done():
|
|
||||||
return
|
|
||||||
}
|
|
||||||
default:
|
|
||||||
log.Errorf("unknown Kubernetes discovery kind %q", kd.Conf.Role)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (kd *Discovery) queryAPIServerPath(path string) (*http.Response, error) {
|
|
||||||
req, err := http.NewRequest("GET", path, nil)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return kd.queryAPIServerReq(req)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (kd *Discovery) queryAPIServerReq(req *http.Request) (*http.Response, error) {
|
|
||||||
// Lock in case we need to rotate API servers to request.
|
|
||||||
kd.apiServersMu.Lock()
|
|
||||||
defer kd.apiServersMu.Unlock()
|
|
||||||
var lastErr error
|
|
||||||
for i := 0; i < len(kd.apiServers); i++ {
|
|
||||||
cloneReq := *req
|
|
||||||
cloneReq.URL.Host = kd.apiServers[0].Host
|
|
||||||
cloneReq.URL.Scheme = kd.apiServers[0].Scheme
|
|
||||||
res, err := kd.client.Do(&cloneReq)
|
|
||||||
if err == nil {
|
|
||||||
return res, nil
|
|
||||||
}
|
|
||||||
lastErr = err
|
|
||||||
kd.rotateAPIServers()
|
|
||||||
}
|
|
||||||
return nil, fmt.Errorf("unable to query any API servers: %v", lastErr)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (kd *Discovery) rotateAPIServers() {
|
|
||||||
if len(kd.apiServers) > 1 {
|
|
||||||
kd.apiServers = append(kd.apiServers[1:], kd.apiServers[0])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (kd *Discovery) updateAPIServersTargetGroup() *config.TargetGroup {
|
|
||||||
tg := &config.TargetGroup{
|
|
||||||
Source: apiServersTargetGroupName,
|
|
||||||
Labels: model.LabelSet{
|
|
||||||
roleLabel: model.LabelValue("apiserver"),
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, apiServer := range kd.apiServers {
|
|
||||||
apiServerAddress := apiServer.Host
|
|
||||||
_, _, err := net.SplitHostPort(apiServerAddress)
|
|
||||||
// If error then no port is specified - use default for scheme.
|
|
||||||
if err != nil {
|
|
||||||
switch apiServer.Scheme {
|
|
||||||
case "http":
|
|
||||||
apiServerAddress = net.JoinHostPort(apiServerAddress, "80")
|
|
||||||
case "https":
|
|
||||||
apiServerAddress = net.JoinHostPort(apiServerAddress, "443")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
t := model.LabelSet{
|
|
||||||
model.AddressLabel: model.LabelValue(apiServerAddress),
|
|
||||||
model.SchemeLabel: model.LabelValue(apiServer.Scheme),
|
|
||||||
}
|
|
||||||
tg.Targets = append(tg.Targets, t)
|
|
||||||
}
|
|
||||||
|
|
||||||
return tg
|
|
||||||
}
|
|
||||||
|
|
||||||
func newKubernetesHTTPClient(conf *config.KubernetesSDConfig) (*http.Client, error) {
|
|
||||||
bearerTokenFile := conf.BearerTokenFile
|
|
||||||
tlsConfig := conf.TLSConfig
|
|
||||||
if conf.InCluster {
|
|
||||||
if len(bearerTokenFile) == 0 {
|
|
||||||
bearerTokenFile = serviceAccountToken
|
|
||||||
}
|
|
||||||
if len(tlsConfig.CAFile) == 0 {
|
|
||||||
// With recent versions, the CA certificate is mounted as a secret
|
|
||||||
// but we need to handle older versions too. In this case, don't
|
|
||||||
// set the CAFile & the configuration will have to use InsecureSkipVerify.
|
|
||||||
if _, err := os.Stat(serviceAccountCACert); err == nil {
|
|
||||||
tlsConfig.CAFile = serviceAccountCACert
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
tls, err := httputil.NewTLSConfig(tlsConfig)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
var rt http.RoundTripper = &http.Transport{
|
|
||||||
Dial: func(netw, addr string) (c net.Conn, err error) {
|
|
||||||
c, err = net.DialTimeout(netw, addr, time.Duration(conf.RequestTimeout))
|
|
||||||
return
|
|
||||||
},
|
|
||||||
TLSClientConfig: tls,
|
|
||||||
}
|
|
||||||
|
|
||||||
// If a bearer token is provided, create a round tripper that will set the
|
|
||||||
// Authorization header correctly on each request.
|
|
||||||
bearerToken := conf.BearerToken
|
|
||||||
if len(bearerToken) == 0 && len(bearerTokenFile) > 0 {
|
|
||||||
b, err := ioutil.ReadFile(bearerTokenFile)
|
|
||||||
if err != nil {
|
|
||||||
return nil, fmt.Errorf("unable to read bearer token file %s: %s", bearerTokenFile, err)
|
|
||||||
}
|
|
||||||
bearerToken = string(b)
|
|
||||||
}
|
|
||||||
if len(bearerToken) > 0 {
|
|
||||||
rt = httputil.NewBearerAuthRoundTripper(bearerToken, rt)
|
|
||||||
}
|
|
||||||
|
|
||||||
if conf.BasicAuth != nil {
|
|
||||||
rt = httputil.NewBasicAuthRoundTripper(conf.BasicAuth.Username, conf.BasicAuth.Password, rt)
|
|
||||||
}
|
|
||||||
|
|
||||||
return &http.Client{
|
|
||||||
Transport: rt,
|
|
||||||
}, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Until loops until stop channel is closed, running f every period.
|
|
||||||
// f may not be invoked if stop channel is already closed.
|
|
||||||
func until(f func(), period time.Duration, stopCh <-chan struct{}) {
|
|
||||||
select {
|
|
||||||
case <-stopCh:
|
|
||||||
return
|
|
||||||
default:
|
|
||||||
f()
|
|
||||||
}
|
|
||||||
for {
|
|
||||||
select {
|
|
||||||
case <-stopCh:
|
|
||||||
return
|
|
||||||
case <-time.After(period):
|
|
||||||
f()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,221 +0,0 @@
|
||||||
// Copyright 2015 The Prometheus Authors
|
|
||||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
// you may not use this file except in compliance with the License.
|
|
||||||
// You may obtain a copy of the License at
|
|
||||||
//
|
|
||||||
// http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
//
|
|
||||||
// Unless required by applicable law or agreed to in writing, software
|
|
||||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
// See the License for the specific language governing permissions and
|
|
||||||
// limitations under the License.
|
|
||||||
|
|
||||||
package kubernetes
|
|
||||||
|
|
||||||
import (
|
|
||||||
"flag"
|
|
||||||
"math/rand"
|
|
||||||
"os"
|
|
||||||
"testing"
|
|
||||||
|
|
||||||
_ "github.com/prometheus/common/log"
|
|
||||||
"github.com/prometheus/common/model"
|
|
||||||
)
|
|
||||||
|
|
||||||
func TestMain(m *testing.M) {
|
|
||||||
flag.Parse()
|
|
||||||
os.Exit(m.Run())
|
|
||||||
}
|
|
||||||
|
|
||||||
var portsA = []ContainerPort{
|
|
||||||
{
|
|
||||||
Name: "http",
|
|
||||||
ContainerPort: 80,
|
|
||||||
Protocol: "TCP",
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
var portsB = []ContainerPort{
|
|
||||||
{
|
|
||||||
Name: "https",
|
|
||||||
ContainerPort: 443,
|
|
||||||
Protocol: "TCP",
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
var portsNoTcp = []ContainerPort{
|
|
||||||
{
|
|
||||||
Name: "dns",
|
|
||||||
ContainerPort: 53,
|
|
||||||
Protocol: "UDP",
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
var portsMultiA = []ContainerPort{
|
|
||||||
{
|
|
||||||
Name: "http",
|
|
||||||
ContainerPort: 80,
|
|
||||||
Protocol: "TCP",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "ssh",
|
|
||||||
ContainerPort: 22,
|
|
||||||
Protocol: "TCP",
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
var portsMultiB = []ContainerPort{
|
|
||||||
{
|
|
||||||
Name: "http",
|
|
||||||
ContainerPort: 80,
|
|
||||||
Protocol: "TCP",
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Name: "https",
|
|
||||||
ContainerPort: 443,
|
|
||||||
Protocol: "TCP",
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
func container(name string, ports []ContainerPort) Container {
|
|
||||||
p := make([]ContainerPort, len(ports))
|
|
||||||
copy(p, ports)
|
|
||||||
|
|
||||||
// Shuffle order of ports to ensure code enforces determinism
|
|
||||||
for i := range p {
|
|
||||||
j := rand.Intn(i + 1)
|
|
||||||
p[i], p[j] = p[j], p[i]
|
|
||||||
}
|
|
||||||
|
|
||||||
return Container{
|
|
||||||
Name: name,
|
|
||||||
Ports: p,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func pod(name string, containers []Container) *Pod {
|
|
||||||
c := make([]Container, len(containers))
|
|
||||||
copy(c, containers)
|
|
||||||
|
|
||||||
// Shuffle order of containers to ensure code enforces determinism
|
|
||||||
for i := range c {
|
|
||||||
j := rand.Intn(i + 1)
|
|
||||||
c[i], c[j] = c[j], c[i]
|
|
||||||
}
|
|
||||||
|
|
||||||
return &Pod{
|
|
||||||
ObjectMeta: ObjectMeta{
|
|
||||||
Name: name,
|
|
||||||
},
|
|
||||||
PodStatus: PodStatus{
|
|
||||||
PodIP: "1.1.1.1",
|
|
||||||
Phase: "Running",
|
|
||||||
Conditions: []PodCondition{
|
|
||||||
{
|
|
||||||
Type: "Ready",
|
|
||||||
Status: "True",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
HostIP: "2.2.2.2",
|
|
||||||
},
|
|
||||||
PodSpec: PodSpec{
|
|
||||||
Containers: c,
|
|
||||||
NodeName: "test-node",
|
|
||||||
},
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestUpdatePodTargets(t *testing.T) {
|
|
||||||
var result []model.LabelSet
|
|
||||||
|
|
||||||
// Multiple iterations help ensure that we'll see different permutations via the various randomizations that occur
|
|
||||||
for i := 0; i < 100; i++ {
|
|
||||||
// Return no targets for a pod that isn't "Running"
|
|
||||||
result = updatePodTargets(&Pod{PodStatus: PodStatus{PodIP: "1.1.1.1"}}, true)
|
|
||||||
if len(result) > 0 {
|
|
||||||
t.Fatalf("expected 0 targets, received %d", len(result))
|
|
||||||
}
|
|
||||||
|
|
||||||
// Return no targets for a pod with no IP
|
|
||||||
result = updatePodTargets(&Pod{PodStatus: PodStatus{Phase: "Running"}}, true)
|
|
||||||
if len(result) > 0 {
|
|
||||||
t.Fatalf("expected 0 targets, received %d", len(result))
|
|
||||||
}
|
|
||||||
|
|
||||||
// A pod with no containers (?!) should not produce any targets
|
|
||||||
result = updatePodTargets(pod("empty", []Container{}), true)
|
|
||||||
if len(result) > 0 {
|
|
||||||
t.Fatalf("expected 0 targets, received %d", len(result))
|
|
||||||
}
|
|
||||||
|
|
||||||
// Return no targets for a pod that has no HostIP
|
|
||||||
result = updatePodTargets(&Pod{PodStatus: PodStatus{PodIP: "1.1.1.1", Phase: "Running"}}, true)
|
|
||||||
if len(result) > 0 {
|
|
||||||
t.Fatalf("expected 0 targets, received %d", len(result))
|
|
||||||
}
|
|
||||||
|
|
||||||
// A pod with all valid containers should return one target per container with allContainers=true
|
|
||||||
result = updatePodTargets(pod("easy", []Container{container("a", portsA), container("b", portsB)}), true)
|
|
||||||
if len(result) != 2 {
|
|
||||||
t.Fatalf("expected 2 targets, received %d", len(result))
|
|
||||||
}
|
|
||||||
if result[0][podReadyLabel] != "true" {
|
|
||||||
t.Fatalf("expected result[0] podReadyLabel 'true', received '%s'", result[0][podReadyLabel])
|
|
||||||
}
|
|
||||||
if _, ok := result[0][podContainerPortMapPrefix+"http"]; !ok {
|
|
||||||
t.Fatalf("expected result[0][podContainerPortMapPrefix + 'http'] to be '80', but was missing")
|
|
||||||
}
|
|
||||||
if result[0][podContainerPortMapPrefix+"http"] != "80" {
|
|
||||||
t.Fatalf("expected result[0][podContainerPortMapPrefix + 'http'] to be '80', but was %s", result[0][podContainerPortMapPrefix+"http"])
|
|
||||||
}
|
|
||||||
if _, ok := result[1][podContainerPortMapPrefix+"https"]; !ok {
|
|
||||||
t.Fatalf("expected result[1][podContainerPortMapPrefix + 'https'] to be '443', but was missing")
|
|
||||||
}
|
|
||||||
if result[1][podContainerPortMapPrefix+"https"] != "443" {
|
|
||||||
t.Fatalf("expected result[1][podContainerPortMapPrefix + 'https'] to be '443', but was %s", result[1][podContainerPortMapPrefix+"https"])
|
|
||||||
}
|
|
||||||
if result[0][podNodeNameLabel] != "test-node" {
|
|
||||||
t.Fatalf("expected result[0] podNodeNameLabel 'test-node', received '%s'", result[0][podNodeNameLabel])
|
|
||||||
}
|
|
||||||
if result[0][podHostIPLabel] != "2.2.2.2" {
|
|
||||||
t.Fatalf("expected result[0] podHostIPLabel '2.2.2.2', received '%s'", result[0][podHostIPLabel])
|
|
||||||
}
|
|
||||||
|
|
||||||
// A pod with all valid containers should return one target with allContainers=false, and it should be the alphabetically first container
|
|
||||||
result = updatePodTargets(pod("easy", []Container{container("a", portsA), container("b", portsB)}), false)
|
|
||||||
if len(result) != 1 {
|
|
||||||
t.Fatalf("expected 1 targets, received %d", len(result))
|
|
||||||
}
|
|
||||||
if _, ok := result[0][podContainerNameLabel]; !ok {
|
|
||||||
t.Fatalf("expected result[0][podContainerNameLabel] to be 'a', but was missing")
|
|
||||||
}
|
|
||||||
if result[0][podContainerNameLabel] != "a" {
|
|
||||||
t.Fatalf("expected result[0][podContainerNameLabel] to be 'a', but was '%s'", result[0][podContainerNameLabel])
|
|
||||||
}
|
|
||||||
|
|
||||||
// A pod with some non-targetable containers should return one target per targetable container with allContainers=true
|
|
||||||
result = updatePodTargets(pod("mixed", []Container{container("a", portsA), container("no-tcp", portsNoTcp), container("b", portsB)}), true)
|
|
||||||
if len(result) != 2 {
|
|
||||||
t.Fatalf("expected 2 targets, received %d", len(result))
|
|
||||||
}
|
|
||||||
|
|
||||||
// A pod with a container with multiple ports should return the numerically smallest port
|
|
||||||
result = updatePodTargets(pod("hard", []Container{container("multiA", portsMultiA), container("multiB", portsMultiB)}), true)
|
|
||||||
if len(result) != 2 {
|
|
||||||
t.Fatalf("expected 2 targets, received %d", len(result))
|
|
||||||
}
|
|
||||||
if result[0][model.AddressLabel] != "1.1.1.1:22" {
|
|
||||||
t.Fatalf("expected result[0] address to be 1.1.1.1:22, received %s", result[0][model.AddressLabel])
|
|
||||||
}
|
|
||||||
if result[0][podContainerPortListLabel] != ",ssh=22,http=80," {
|
|
||||||
t.Fatalf("expected result[0] podContainerPortListLabel to be ',ssh=22,http=80,', received '%s'", result[0][podContainerPortListLabel])
|
|
||||||
}
|
|
||||||
if result[1][model.AddressLabel] != "1.1.1.1:80" {
|
|
||||||
t.Fatalf("expected result[1] address to be 1.1.1.1:80, received %s", result[1][model.AddressLabel])
|
|
||||||
}
|
|
||||||
if result[1][podContainerPortListLabel] != ",http=80,https=443," {
|
|
||||||
t.Fatalf("expected result[1] podContainerPortListLabel to be ',http=80,https=443,', received '%s'", result[1][podContainerPortListLabel])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
280
retrieval/discovery/kubernetes/endpoints.go
Normal file
280
retrieval/discovery/kubernetes/endpoints.go
Normal file
|
@ -0,0 +1,280 @@
|
||||||
|
// Copyright 2016 The Prometheus Authors
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
package kubernetes
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"net"
|
||||||
|
"strconv"
|
||||||
|
|
||||||
|
"github.com/prometheus/prometheus/config"
|
||||||
|
|
||||||
|
"github.com/prometheus/common/log"
|
||||||
|
"github.com/prometheus/common/model"
|
||||||
|
"golang.org/x/net/context"
|
||||||
|
apiv1 "k8s.io/client-go/1.5/pkg/api/v1"
|
||||||
|
"k8s.io/client-go/1.5/tools/cache"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Endpoints discovers new endpoint targets.
|
||||||
|
type Endpoints struct {
|
||||||
|
logger log.Logger
|
||||||
|
|
||||||
|
endpointsInf cache.SharedInformer
|
||||||
|
serviceInf cache.SharedInformer
|
||||||
|
podInf cache.SharedInformer
|
||||||
|
|
||||||
|
podStore cache.Store
|
||||||
|
endpointsStore cache.Store
|
||||||
|
serviceStore cache.Store
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewEndpoints returns a new endpoints discovery.
|
||||||
|
func NewEndpoints(l log.Logger, svc, eps, pod cache.SharedInformer) *Endpoints {
|
||||||
|
ep := &Endpoints{
|
||||||
|
logger: l,
|
||||||
|
endpointsInf: eps,
|
||||||
|
endpointsStore: eps.GetStore(),
|
||||||
|
serviceInf: svc,
|
||||||
|
serviceStore: svc.GetStore(),
|
||||||
|
podInf: pod,
|
||||||
|
podStore: pod.GetStore(),
|
||||||
|
}
|
||||||
|
|
||||||
|
return ep
|
||||||
|
}
|
||||||
|
|
||||||
|
// Run implements the retrieval.TargetProvider interface.
|
||||||
|
func (e *Endpoints) Run(ctx context.Context, ch chan<- []*config.TargetGroup) {
|
||||||
|
// Send full initial set of endpoint targets.
|
||||||
|
var initial []*config.TargetGroup
|
||||||
|
|
||||||
|
for _, o := range e.endpointsStore.List() {
|
||||||
|
tg := e.buildEndpoints(o.(*apiv1.Endpoints))
|
||||||
|
initial = append(initial, tg)
|
||||||
|
}
|
||||||
|
select {
|
||||||
|
case <-ctx.Done():
|
||||||
|
return
|
||||||
|
case ch <- initial:
|
||||||
|
}
|
||||||
|
// Send target groups for pod updates.
|
||||||
|
send := func(tg *config.TargetGroup) {
|
||||||
|
if tg == nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
e.logger.With("tg", fmt.Sprintf("%#v", tg)).Debugln("endpoints update")
|
||||||
|
select {
|
||||||
|
case <-ctx.Done():
|
||||||
|
case ch <- []*config.TargetGroup{tg}:
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
e.endpointsInf.AddEventHandler(cache.ResourceEventHandlerFuncs{
|
||||||
|
AddFunc: func(o interface{}) {
|
||||||
|
send(e.buildEndpoints(o.(*apiv1.Endpoints)))
|
||||||
|
},
|
||||||
|
UpdateFunc: func(_, o interface{}) {
|
||||||
|
send(e.buildEndpoints(o.(*apiv1.Endpoints)))
|
||||||
|
},
|
||||||
|
DeleteFunc: func(o interface{}) {
|
||||||
|
send(&config.TargetGroup{Source: endpointsSource(o.(*apiv1.Endpoints).ObjectMeta)})
|
||||||
|
},
|
||||||
|
})
|
||||||
|
|
||||||
|
serviceUpdate := func(svc *apiv1.Service) {
|
||||||
|
ep := &apiv1.Endpoints{}
|
||||||
|
ep.Namespace = svc.Namespace
|
||||||
|
ep.Name = svc.Name
|
||||||
|
obj, exists, err := e.endpointsStore.Get(ep)
|
||||||
|
if exists && err != nil {
|
||||||
|
send(e.buildEndpoints(obj.(*apiv1.Endpoints)))
|
||||||
|
}
|
||||||
|
if err != nil {
|
||||||
|
e.logger.With("err", err).Errorln("retrieving endpoints failed")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
e.serviceInf.AddEventHandler(cache.ResourceEventHandlerFuncs{
|
||||||
|
// TODO(fabxc): potentially remove add and delete event handlers. Those should
|
||||||
|
// be triggered via the endpoint handlers already.
|
||||||
|
AddFunc: func(o interface{}) { serviceUpdate(o.(*apiv1.Service)) },
|
||||||
|
UpdateFunc: func(_, o interface{}) { serviceUpdate(o.(*apiv1.Service)) },
|
||||||
|
DeleteFunc: func(o interface{}) { serviceUpdate(o.(*apiv1.Service)) },
|
||||||
|
})
|
||||||
|
|
||||||
|
// Block until the target provider is explicitly canceled.
|
||||||
|
<-ctx.Done()
|
||||||
|
}
|
||||||
|
|
||||||
|
func endpointsSource(ep apiv1.ObjectMeta) string {
|
||||||
|
return "endpoints/" + ep.Namespace + "/" + ep.Name
|
||||||
|
}
|
||||||
|
|
||||||
|
const (
|
||||||
|
endpointsNameLabel = metaLabelPrefix + "endpoints_name"
|
||||||
|
endpointReadyLabel = metaLabelPrefix + "endpoint_ready"
|
||||||
|
endpointPortNameLabel = metaLabelPrefix + "endpoint_port_name"
|
||||||
|
endpointPortProtocolLabel = metaLabelPrefix + "endpoint_port_protocol"
|
||||||
|
)
|
||||||
|
|
||||||
|
func (e *Endpoints) buildEndpoints(eps *apiv1.Endpoints) *config.TargetGroup {
|
||||||
|
if len(eps.Subsets) == 0 {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
tg := &config.TargetGroup{
|
||||||
|
Source: endpointsSource(eps.ObjectMeta),
|
||||||
|
}
|
||||||
|
tg.Labels = model.LabelSet{
|
||||||
|
namespaceLabel: lv(eps.Namespace),
|
||||||
|
endpointsNameLabel: lv(eps.Name),
|
||||||
|
}
|
||||||
|
e.addServiceLabels(eps.Namespace, eps.Name, tg)
|
||||||
|
|
||||||
|
type podEntry struct {
|
||||||
|
pod *apiv1.Pod
|
||||||
|
servicePorts []apiv1.EndpointPort
|
||||||
|
}
|
||||||
|
seenPods := map[string]*podEntry{}
|
||||||
|
|
||||||
|
add := func(addr apiv1.EndpointAddress, port apiv1.EndpointPort, ready string) {
|
||||||
|
a := net.JoinHostPort(addr.IP, strconv.FormatUint(uint64(port.Port), 10))
|
||||||
|
|
||||||
|
target := model.LabelSet{
|
||||||
|
model.AddressLabel: lv(a),
|
||||||
|
endpointPortNameLabel: lv(port.Name),
|
||||||
|
endpointPortProtocolLabel: lv(string(port.Protocol)),
|
||||||
|
endpointReadyLabel: lv(ready),
|
||||||
|
}
|
||||||
|
|
||||||
|
pod := e.resolvePodRef(addr.TargetRef)
|
||||||
|
if pod == nil {
|
||||||
|
// This target is not a Pod, so don't continue with Pod specific logic.
|
||||||
|
tg.Targets = append(tg.Targets, target)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
s := pod.Namespace + "/" + pod.Name
|
||||||
|
|
||||||
|
sp, ok := seenPods[s]
|
||||||
|
if !ok {
|
||||||
|
sp = &podEntry{pod: pod}
|
||||||
|
seenPods[s] = sp
|
||||||
|
}
|
||||||
|
|
||||||
|
// Attach standard pod labels.
|
||||||
|
target = target.Merge(podLabels(pod))
|
||||||
|
|
||||||
|
// Attach potential container port labels matching the endpoint port.
|
||||||
|
for _, c := range pod.Spec.Containers {
|
||||||
|
for _, cport := range c.Ports {
|
||||||
|
if port.Port == cport.ContainerPort {
|
||||||
|
ports := strconv.FormatUint(uint64(port.Port), 10)
|
||||||
|
|
||||||
|
target[podContainerNameLabel] = lv(c.Name)
|
||||||
|
target[podContainerPortNameLabel] = lv(cport.Name)
|
||||||
|
target[podContainerPortNumberLabel] = lv(ports)
|
||||||
|
target[podContainerPortProtocolLabel] = lv(string(port.Protocol))
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Add service port so we know that we have already generated a target
|
||||||
|
// for it.
|
||||||
|
sp.servicePorts = append(sp.servicePorts, port)
|
||||||
|
tg.Targets = append(tg.Targets, target)
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, ss := range eps.Subsets {
|
||||||
|
for _, port := range ss.Ports {
|
||||||
|
for _, addr := range ss.Addresses {
|
||||||
|
add(addr, port, "true")
|
||||||
|
}
|
||||||
|
// Although this generates the same target again, as it was generated in
|
||||||
|
// the loop above, it causes the ready meta label to be overridden.
|
||||||
|
for _, addr := range ss.NotReadyAddresses {
|
||||||
|
add(addr, port, "false")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// For all seen pods, check all container ports. If they were not covered
|
||||||
|
// by one of the service endpoints, generate targets for them.
|
||||||
|
for _, pe := range seenPods {
|
||||||
|
for _, c := range pe.pod.Spec.Containers {
|
||||||
|
for _, cport := range c.Ports {
|
||||||
|
hasSeenPort := func() bool {
|
||||||
|
for _, eport := range pe.servicePorts {
|
||||||
|
if cport.ContainerPort == eport.Port {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
if hasSeenPort() {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
a := net.JoinHostPort(pe.pod.Status.PodIP, strconv.FormatUint(uint64(cport.ContainerPort), 10))
|
||||||
|
ports := strconv.FormatUint(uint64(cport.ContainerPort), 10)
|
||||||
|
|
||||||
|
target := model.LabelSet{
|
||||||
|
model.AddressLabel: lv(a),
|
||||||
|
podContainerNameLabel: lv(c.Name),
|
||||||
|
podContainerPortNameLabel: lv(cport.Name),
|
||||||
|
podContainerPortNumberLabel: lv(ports),
|
||||||
|
podContainerPortProtocolLabel: lv(string(cport.Protocol)),
|
||||||
|
}
|
||||||
|
tg.Targets = append(tg.Targets, target.Merge(podLabels(pe.pod)))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return tg
|
||||||
|
}
|
||||||
|
|
||||||
|
func (e *Endpoints) resolvePodRef(ref *apiv1.ObjectReference) *apiv1.Pod {
|
||||||
|
if ref == nil || ref.Kind != "Pod" {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
p := &apiv1.Pod{}
|
||||||
|
p.Namespace = ref.Namespace
|
||||||
|
p.Name = ref.Name
|
||||||
|
|
||||||
|
obj, exists, err := e.podStore.Get(p)
|
||||||
|
if err != nil || !exists {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
if err != nil {
|
||||||
|
e.logger.With("err", err).Errorln("resolving pod ref failed")
|
||||||
|
}
|
||||||
|
return obj.(*apiv1.Pod)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (e *Endpoints) addServiceLabels(ns, name string, tg *config.TargetGroup) {
|
||||||
|
svc := &apiv1.Service{}
|
||||||
|
svc.Namespace = ns
|
||||||
|
svc.Name = name
|
||||||
|
|
||||||
|
obj, exists, err := e.serviceStore.Get(svc)
|
||||||
|
if !exists || err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if err != nil {
|
||||||
|
e.logger.With("err", err).Errorln("retrieving service failed")
|
||||||
|
}
|
||||||
|
svc = obj.(*apiv1.Service)
|
||||||
|
|
||||||
|
tg.Labels = tg.Labels.Merge(serviceLabels(svc))
|
||||||
|
}
|
321
retrieval/discovery/kubernetes/endpoints_test.go
Normal file
321
retrieval/discovery/kubernetes/endpoints_test.go
Normal file
|
@ -0,0 +1,321 @@
|
||||||
|
// Copyright 2016 The Prometheus Authors
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
package kubernetes
|
||||||
|
|
||||||
|
import (
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/prometheus/common/log"
|
||||||
|
"github.com/prometheus/common/model"
|
||||||
|
"github.com/prometheus/prometheus/config"
|
||||||
|
"k8s.io/client-go/1.5/pkg/api/v1"
|
||||||
|
)
|
||||||
|
|
||||||
|
func endpointsStoreKeyFunc(obj interface{}) (string, error) {
|
||||||
|
return obj.(*v1.Endpoints).ObjectMeta.Name, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func newFakeEndpointsInformer() *fakeInformer {
|
||||||
|
return newFakeInformer(endpointsStoreKeyFunc)
|
||||||
|
}
|
||||||
|
|
||||||
|
func makeTestEndpointsDiscovery() (*Endpoints, *fakeInformer, *fakeInformer, *fakeInformer) {
|
||||||
|
svc := newFakeServiceInformer()
|
||||||
|
eps := newFakeEndpointsInformer()
|
||||||
|
pod := newFakePodInformer()
|
||||||
|
return NewEndpoints(log.Base(), svc, eps, pod), svc, eps, pod
|
||||||
|
}
|
||||||
|
|
||||||
|
func makeEndpoints() *v1.Endpoints {
|
||||||
|
return &v1.Endpoints{
|
||||||
|
ObjectMeta: v1.ObjectMeta{
|
||||||
|
Name: "testendpoints",
|
||||||
|
Namespace: "default",
|
||||||
|
},
|
||||||
|
Subsets: []v1.EndpointSubset{
|
||||||
|
v1.EndpointSubset{
|
||||||
|
Addresses: []v1.EndpointAddress{
|
||||||
|
v1.EndpointAddress{
|
||||||
|
IP: "1.2.3.4",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Ports: []v1.EndpointPort{
|
||||||
|
v1.EndpointPort{
|
||||||
|
Name: "testport",
|
||||||
|
Port: 9000,
|
||||||
|
Protocol: v1.ProtocolTCP,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
v1.EndpointSubset{
|
||||||
|
Addresses: []v1.EndpointAddress{
|
||||||
|
v1.EndpointAddress{
|
||||||
|
IP: "2.3.4.5",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
NotReadyAddresses: []v1.EndpointAddress{
|
||||||
|
v1.EndpointAddress{
|
||||||
|
IP: "2.3.4.5",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Ports: []v1.EndpointPort{
|
||||||
|
v1.EndpointPort{
|
||||||
|
Name: "testport",
|
||||||
|
Port: 9001,
|
||||||
|
Protocol: v1.ProtocolTCP,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestEndpointsDiscoveryInitial(t *testing.T) {
|
||||||
|
n, _, eps, _ := makeTestEndpointsDiscovery()
|
||||||
|
eps.GetStore().Add(makeEndpoints())
|
||||||
|
|
||||||
|
k8sDiscoveryTest{
|
||||||
|
discovery: n,
|
||||||
|
expectedInitial: []*config.TargetGroup{
|
||||||
|
&config.TargetGroup{
|
||||||
|
Targets: []model.LabelSet{
|
||||||
|
model.LabelSet{
|
||||||
|
"__address__": "1.2.3.4:9000",
|
||||||
|
"__meta_kubernetes_endpoint_port_name": "testport",
|
||||||
|
"__meta_kubernetes_endpoint_port_protocol": "TCP",
|
||||||
|
"__meta_kubernetes_endpoint_ready": "true",
|
||||||
|
},
|
||||||
|
model.LabelSet{
|
||||||
|
"__address__": "2.3.4.5:9001",
|
||||||
|
"__meta_kubernetes_endpoint_port_name": "testport",
|
||||||
|
"__meta_kubernetes_endpoint_port_protocol": "TCP",
|
||||||
|
"__meta_kubernetes_endpoint_ready": "true",
|
||||||
|
},
|
||||||
|
model.LabelSet{
|
||||||
|
"__address__": "2.3.4.5:9001",
|
||||||
|
"__meta_kubernetes_endpoint_port_name": "testport",
|
||||||
|
"__meta_kubernetes_endpoint_port_protocol": "TCP",
|
||||||
|
"__meta_kubernetes_endpoint_ready": "false",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Labels: model.LabelSet{
|
||||||
|
"__meta_kubernetes_namespace": "default",
|
||||||
|
"__meta_kubernetes_endpoints_name": "testendpoints",
|
||||||
|
},
|
||||||
|
Source: "endpoints/default/testendpoints",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}.Run(t)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestEndpointsDiscoveryAdd(t *testing.T) {
|
||||||
|
n, _, eps, pods := makeTestEndpointsDiscovery()
|
||||||
|
pods.GetStore().Add(&v1.Pod{
|
||||||
|
ObjectMeta: v1.ObjectMeta{
|
||||||
|
Name: "testpod",
|
||||||
|
Namespace: "default",
|
||||||
|
},
|
||||||
|
Spec: v1.PodSpec{
|
||||||
|
NodeName: "testnode",
|
||||||
|
Containers: []v1.Container{
|
||||||
|
v1.Container{
|
||||||
|
Name: "c1",
|
||||||
|
Ports: []v1.ContainerPort{
|
||||||
|
v1.ContainerPort{
|
||||||
|
Name: "mainport",
|
||||||
|
ContainerPort: 9000,
|
||||||
|
Protocol: v1.ProtocolTCP,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
v1.Container{
|
||||||
|
Name: "c2",
|
||||||
|
Ports: []v1.ContainerPort{
|
||||||
|
v1.ContainerPort{
|
||||||
|
Name: "sideport",
|
||||||
|
ContainerPort: 9001,
|
||||||
|
Protocol: v1.ProtocolTCP,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Status: v1.PodStatus{
|
||||||
|
HostIP: "2.3.4.5",
|
||||||
|
PodIP: "1.2.3.4",
|
||||||
|
},
|
||||||
|
})
|
||||||
|
|
||||||
|
k8sDiscoveryTest{
|
||||||
|
discovery: n,
|
||||||
|
afterStart: func() {
|
||||||
|
go func() {
|
||||||
|
eps.Add(
|
||||||
|
&v1.Endpoints{
|
||||||
|
ObjectMeta: v1.ObjectMeta{
|
||||||
|
Name: "testendpoints",
|
||||||
|
Namespace: "default",
|
||||||
|
},
|
||||||
|
Subsets: []v1.EndpointSubset{
|
||||||
|
v1.EndpointSubset{
|
||||||
|
Addresses: []v1.EndpointAddress{
|
||||||
|
v1.EndpointAddress{
|
||||||
|
IP: "4.3.2.1",
|
||||||
|
TargetRef: &v1.ObjectReference{
|
||||||
|
Kind: "Pod",
|
||||||
|
Name: "testpod",
|
||||||
|
Namespace: "default",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Ports: []v1.EndpointPort{
|
||||||
|
v1.EndpointPort{
|
||||||
|
Name: "testport",
|
||||||
|
Port: 9000,
|
||||||
|
Protocol: v1.ProtocolTCP,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
)
|
||||||
|
}()
|
||||||
|
},
|
||||||
|
expectedRes: []*config.TargetGroup{
|
||||||
|
&config.TargetGroup{
|
||||||
|
Targets: []model.LabelSet{
|
||||||
|
model.LabelSet{
|
||||||
|
"__address__": "4.3.2.1:9000",
|
||||||
|
"__meta_kubernetes_endpoint_port_name": "testport",
|
||||||
|
"__meta_kubernetes_endpoint_port_protocol": "TCP",
|
||||||
|
"__meta_kubernetes_endpoint_ready": "true",
|
||||||
|
"__meta_kubernetes_pod_name": "testpod",
|
||||||
|
"__meta_kubernetes_pod_ip": "1.2.3.4",
|
||||||
|
"__meta_kubernetes_pod_ready": "unknown",
|
||||||
|
"__meta_kubernetes_pod_node_name": "testnode",
|
||||||
|
"__meta_kubernetes_pod_host_ip": "2.3.4.5",
|
||||||
|
"__meta_kubernetes_pod_container_name": "c1",
|
||||||
|
"__meta_kubernetes_pod_container_port_name": "mainport",
|
||||||
|
"__meta_kubernetes_pod_container_port_number": "9000",
|
||||||
|
"__meta_kubernetes_pod_container_port_protocol": "TCP",
|
||||||
|
},
|
||||||
|
model.LabelSet{
|
||||||
|
"__address__": "1.2.3.4:9001",
|
||||||
|
"__meta_kubernetes_pod_name": "testpod",
|
||||||
|
"__meta_kubernetes_pod_ip": "1.2.3.4",
|
||||||
|
"__meta_kubernetes_pod_ready": "unknown",
|
||||||
|
"__meta_kubernetes_pod_node_name": "testnode",
|
||||||
|
"__meta_kubernetes_pod_host_ip": "2.3.4.5",
|
||||||
|
"__meta_kubernetes_pod_container_name": "c2",
|
||||||
|
"__meta_kubernetes_pod_container_port_name": "sideport",
|
||||||
|
"__meta_kubernetes_pod_container_port_number": "9001",
|
||||||
|
"__meta_kubernetes_pod_container_port_protocol": "TCP",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Labels: model.LabelSet{
|
||||||
|
"__meta_kubernetes_endpoints_name": "testendpoints",
|
||||||
|
"__meta_kubernetes_namespace": "default",
|
||||||
|
},
|
||||||
|
Source: "endpoints/default/testendpoints",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}.Run(t)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestEndpointsDiscoveryDelete(t *testing.T) {
|
||||||
|
n, _, eps, _ := makeTestEndpointsDiscovery()
|
||||||
|
eps.GetStore().Add(makeEndpoints())
|
||||||
|
|
||||||
|
k8sDiscoveryTest{
|
||||||
|
discovery: n,
|
||||||
|
afterStart: func() { go func() { eps.Delete(makeEndpoints()) }() },
|
||||||
|
expectedRes: []*config.TargetGroup{
|
||||||
|
&config.TargetGroup{
|
||||||
|
Source: "endpoints/default/testendpoints",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}.Run(t)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestEndpointsDiscoveryUpdate(t *testing.T) {
|
||||||
|
n, _, eps, _ := makeTestEndpointsDiscovery()
|
||||||
|
eps.GetStore().Add(makeEndpoints())
|
||||||
|
|
||||||
|
k8sDiscoveryTest{
|
||||||
|
discovery: n,
|
||||||
|
afterStart: func() {
|
||||||
|
go func() {
|
||||||
|
eps.Update(&v1.Endpoints{
|
||||||
|
ObjectMeta: v1.ObjectMeta{
|
||||||
|
Name: "testendpoints",
|
||||||
|
Namespace: "default",
|
||||||
|
},
|
||||||
|
Subsets: []v1.EndpointSubset{
|
||||||
|
v1.EndpointSubset{
|
||||||
|
Addresses: []v1.EndpointAddress{
|
||||||
|
v1.EndpointAddress{
|
||||||
|
IP: "1.2.3.4",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Ports: []v1.EndpointPort{
|
||||||
|
v1.EndpointPort{
|
||||||
|
Name: "testport",
|
||||||
|
Port: 9000,
|
||||||
|
Protocol: v1.ProtocolTCP,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
v1.EndpointSubset{
|
||||||
|
Addresses: []v1.EndpointAddress{
|
||||||
|
v1.EndpointAddress{
|
||||||
|
IP: "2.3.4.5",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Ports: []v1.EndpointPort{
|
||||||
|
v1.EndpointPort{
|
||||||
|
Name: "testport",
|
||||||
|
Port: 9001,
|
||||||
|
Protocol: v1.ProtocolTCP,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
})
|
||||||
|
}()
|
||||||
|
},
|
||||||
|
expectedRes: []*config.TargetGroup{
|
||||||
|
&config.TargetGroup{
|
||||||
|
Targets: []model.LabelSet{
|
||||||
|
model.LabelSet{
|
||||||
|
"__address__": "1.2.3.4:9000",
|
||||||
|
"__meta_kubernetes_endpoint_port_name": "testport",
|
||||||
|
"__meta_kubernetes_endpoint_port_protocol": "TCP",
|
||||||
|
"__meta_kubernetes_endpoint_ready": "true",
|
||||||
|
},
|
||||||
|
model.LabelSet{
|
||||||
|
"__address__": "2.3.4.5:9001",
|
||||||
|
"__meta_kubernetes_endpoint_port_name": "testport",
|
||||||
|
"__meta_kubernetes_endpoint_port_protocol": "TCP",
|
||||||
|
"__meta_kubernetes_endpoint_ready": "true",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Labels: model.LabelSet{
|
||||||
|
"__meta_kubernetes_namespace": "default",
|
||||||
|
"__meta_kubernetes_endpoints_name": "testendpoints",
|
||||||
|
},
|
||||||
|
Source: "endpoints/default/testendpoints",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}.Run(t)
|
||||||
|
}
|
186
retrieval/discovery/kubernetes/kubernetes.go
Normal file
186
retrieval/discovery/kubernetes/kubernetes.go
Normal file
|
@ -0,0 +1,186 @@
|
||||||
|
// Copyright 2016 The Prometheus Authors
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
package kubernetes
|
||||||
|
|
||||||
|
import (
|
||||||
|
"io/ioutil"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/prometheus/prometheus/config"
|
||||||
|
|
||||||
|
"github.com/prometheus/common/log"
|
||||||
|
"github.com/prometheus/common/model"
|
||||||
|
"golang.org/x/net/context"
|
||||||
|
"k8s.io/client-go/1.5/kubernetes"
|
||||||
|
"k8s.io/client-go/1.5/pkg/api"
|
||||||
|
apiv1 "k8s.io/client-go/1.5/pkg/api/v1"
|
||||||
|
"k8s.io/client-go/1.5/pkg/util/runtime"
|
||||||
|
"k8s.io/client-go/1.5/rest"
|
||||||
|
"k8s.io/client-go/1.5/tools/cache"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
// kubernetesMetaLabelPrefix is the meta prefix used for all meta labels.
|
||||||
|
// in this discovery.
|
||||||
|
metaLabelPrefix = model.MetaLabelPrefix + "kubernetes_"
|
||||||
|
namespaceLabel = metaLabelPrefix + "namespace"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Kubernetes implements the TargetProvider interface for discovering
|
||||||
|
// targets from Kubernetes.
|
||||||
|
type Kubernetes struct {
|
||||||
|
client kubernetes.Interface
|
||||||
|
role config.KubernetesRole
|
||||||
|
logger log.Logger
|
||||||
|
}
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
runtime.ErrorHandlers = append(runtime.ErrorHandlers, func(err error) {
|
||||||
|
log.With("component", "kube_client_runtime").Errorln(err)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
// New creates a new Kubernetes discovery for the given role.
|
||||||
|
func New(l log.Logger, conf *config.KubernetesSDConfig) (*Kubernetes, error) {
|
||||||
|
var (
|
||||||
|
kcfg *rest.Config
|
||||||
|
err error
|
||||||
|
)
|
||||||
|
if conf.APIServer.URL == nil {
|
||||||
|
kcfg, err = rest.InClusterConfig()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
token := conf.BearerToken
|
||||||
|
if conf.BearerTokenFile != "" {
|
||||||
|
bf, err := ioutil.ReadFile(conf.BearerTokenFile)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
token = string(bf)
|
||||||
|
}
|
||||||
|
|
||||||
|
kcfg = &rest.Config{
|
||||||
|
Host: conf.APIServer.String(),
|
||||||
|
BearerToken: token,
|
||||||
|
TLSClientConfig: rest.TLSClientConfig{
|
||||||
|
CAFile: conf.TLSConfig.CAFile,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
kcfg.UserAgent = "prometheus/discovery"
|
||||||
|
|
||||||
|
if conf.BasicAuth != nil {
|
||||||
|
kcfg.Username = conf.BasicAuth.Username
|
||||||
|
kcfg.Password = conf.BasicAuth.Password
|
||||||
|
}
|
||||||
|
kcfg.TLSClientConfig.CertFile = conf.TLSConfig.CertFile
|
||||||
|
kcfg.TLSClientConfig.KeyFile = conf.TLSConfig.KeyFile
|
||||||
|
kcfg.Insecure = conf.TLSConfig.InsecureSkipVerify
|
||||||
|
|
||||||
|
c, err := kubernetes.NewForConfig(kcfg)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return &Kubernetes{
|
||||||
|
client: c,
|
||||||
|
logger: l,
|
||||||
|
role: conf.Role,
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
const resyncPeriod = 10 * time.Minute
|
||||||
|
|
||||||
|
// Run implements the TargetProvider interface.
|
||||||
|
func (k *Kubernetes) Run(ctx context.Context, ch chan<- []*config.TargetGroup) {
|
||||||
|
defer close(ch)
|
||||||
|
|
||||||
|
rclient := k.client.Core().GetRESTClient()
|
||||||
|
|
||||||
|
switch k.role {
|
||||||
|
case "endpoint":
|
||||||
|
elw := cache.NewListWatchFromClient(rclient, "endpoints", api.NamespaceAll, nil)
|
||||||
|
slw := cache.NewListWatchFromClient(rclient, "services", api.NamespaceAll, nil)
|
||||||
|
plw := cache.NewListWatchFromClient(rclient, "pods", api.NamespaceAll, nil)
|
||||||
|
eps := NewEndpoints(
|
||||||
|
k.logger.With("kubernetes_sd", "endpoint"),
|
||||||
|
cache.NewSharedInformer(slw, &apiv1.Service{}, resyncPeriod),
|
||||||
|
cache.NewSharedInformer(elw, &apiv1.Endpoints{}, resyncPeriod),
|
||||||
|
cache.NewSharedInformer(plw, &apiv1.Pod{}, resyncPeriod),
|
||||||
|
)
|
||||||
|
go eps.endpointsInf.Run(ctx.Done())
|
||||||
|
go eps.serviceInf.Run(ctx.Done())
|
||||||
|
go eps.podInf.Run(ctx.Done())
|
||||||
|
|
||||||
|
for !eps.serviceInf.HasSynced() {
|
||||||
|
time.Sleep(100 * time.Millisecond)
|
||||||
|
}
|
||||||
|
for !eps.endpointsInf.HasSynced() {
|
||||||
|
time.Sleep(100 * time.Millisecond)
|
||||||
|
}
|
||||||
|
for !eps.podInf.HasSynced() {
|
||||||
|
time.Sleep(100 * time.Millisecond)
|
||||||
|
}
|
||||||
|
eps.Run(ctx, ch)
|
||||||
|
|
||||||
|
case "pod":
|
||||||
|
plw := cache.NewListWatchFromClient(rclient, "pods", api.NamespaceAll, nil)
|
||||||
|
pod := NewPod(
|
||||||
|
k.logger.With("kubernetes_sd", "pod"),
|
||||||
|
cache.NewSharedInformer(plw, &apiv1.Pod{}, resyncPeriod),
|
||||||
|
)
|
||||||
|
go pod.informer.Run(ctx.Done())
|
||||||
|
|
||||||
|
for !pod.informer.HasSynced() {
|
||||||
|
time.Sleep(100 * time.Millisecond)
|
||||||
|
}
|
||||||
|
pod.Run(ctx, ch)
|
||||||
|
|
||||||
|
case "service":
|
||||||
|
slw := cache.NewListWatchFromClient(rclient, "services", api.NamespaceAll, nil)
|
||||||
|
svc := NewService(
|
||||||
|
k.logger.With("kubernetes_sd", "service"),
|
||||||
|
cache.NewSharedInformer(slw, &apiv1.Service{}, resyncPeriod),
|
||||||
|
)
|
||||||
|
go svc.informer.Run(ctx.Done())
|
||||||
|
|
||||||
|
for !svc.informer.HasSynced() {
|
||||||
|
time.Sleep(100 * time.Millisecond)
|
||||||
|
}
|
||||||
|
svc.Run(ctx, ch)
|
||||||
|
|
||||||
|
case "node":
|
||||||
|
nlw := cache.NewListWatchFromClient(rclient, "nodes", api.NamespaceAll, nil)
|
||||||
|
node := NewNode(
|
||||||
|
k.logger.With("kubernetes_sd", "node"),
|
||||||
|
cache.NewSharedInformer(nlw, &apiv1.Node{}, resyncPeriod),
|
||||||
|
)
|
||||||
|
go node.informer.Run(ctx.Done())
|
||||||
|
|
||||||
|
for !node.informer.HasSynced() {
|
||||||
|
time.Sleep(100 * time.Millisecond)
|
||||||
|
}
|
||||||
|
node.Run(ctx, ch)
|
||||||
|
|
||||||
|
default:
|
||||||
|
k.logger.Errorf("unknown Kubernetes discovery kind %q", k.role)
|
||||||
|
}
|
||||||
|
|
||||||
|
<-ctx.Done()
|
||||||
|
}
|
||||||
|
|
||||||
|
func lv(s string) model.LabelValue {
|
||||||
|
return model.LabelValue(s)
|
||||||
|
}
|
|
@ -14,229 +14,148 @@
|
||||||
package kubernetes
|
package kubernetes
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
|
||||||
"strconv"
|
"strconv"
|
||||||
"sync"
|
|
||||||
"time"
|
|
||||||
|
|
||||||
"github.com/prometheus/common/log"
|
"github.com/prometheus/common/log"
|
||||||
"github.com/prometheus/common/model"
|
"github.com/prometheus/common/model"
|
||||||
"github.com/prometheus/prometheus/config"
|
"github.com/prometheus/prometheus/config"
|
||||||
"github.com/prometheus/prometheus/util/strutil"
|
"github.com/prometheus/prometheus/util/strutil"
|
||||||
"golang.org/x/net/context"
|
"golang.org/x/net/context"
|
||||||
|
"k8s.io/client-go/1.5/pkg/api"
|
||||||
|
apiv1 "k8s.io/client-go/1.5/pkg/api/v1"
|
||||||
|
"k8s.io/client-go/1.5/tools/cache"
|
||||||
)
|
)
|
||||||
|
|
||||||
type nodeDiscovery struct {
|
// Node discovers Kubernetes nodes.
|
||||||
mtx sync.RWMutex
|
type Node struct {
|
||||||
nodes map[string]*Node
|
logger log.Logger
|
||||||
retryInterval time.Duration
|
informer cache.SharedInformer
|
||||||
kd *Discovery
|
store cache.Store
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d *nodeDiscovery) run(ctx context.Context, ch chan<- []*config.TargetGroup) {
|
// NewNode returns a new node discovery.
|
||||||
|
func NewNode(l log.Logger, inf cache.SharedInformer) *Node {
|
||||||
|
return &Node{logger: l, informer: inf, store: inf.GetStore()}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Run implements the TargetProvider interface.
|
||||||
|
func (n *Node) Run(ctx context.Context, ch chan<- []*config.TargetGroup) {
|
||||||
|
// Send full initial set of pod targets.
|
||||||
|
var initial []*config.TargetGroup
|
||||||
|
for _, o := range n.store.List() {
|
||||||
|
tg := n.buildNode(o.(*apiv1.Node))
|
||||||
|
initial = append(initial, tg)
|
||||||
|
}
|
||||||
select {
|
select {
|
||||||
case ch <- []*config.TargetGroup{d.updateNodesTargetGroup()}:
|
|
||||||
case <-ctx.Done():
|
case <-ctx.Done():
|
||||||
return
|
return
|
||||||
|
case ch <- initial:
|
||||||
}
|
}
|
||||||
|
|
||||||
update := make(chan *nodeEvent, 10)
|
// Send target groups for service updates.
|
||||||
go d.watchNodes(update, ctx.Done(), d.retryInterval)
|
send := func(tg *config.TargetGroup) {
|
||||||
|
|
||||||
for {
|
|
||||||
tgs := []*config.TargetGroup{}
|
|
||||||
select {
|
select {
|
||||||
case <-ctx.Done():
|
case <-ctx.Done():
|
||||||
return
|
case ch <- []*config.TargetGroup{tg}:
|
||||||
case e := <-update:
|
|
||||||
log.Debugf("k8s discovery received node event (EventType=%s, Node Name=%s)", e.EventType, e.Node.ObjectMeta.Name)
|
|
||||||
d.updateNode(e.Node, e.EventType)
|
|
||||||
tgs = append(tgs, d.updateNodesTargetGroup())
|
|
||||||
}
|
|
||||||
if tgs == nil {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, tg := range tgs {
|
|
||||||
select {
|
|
||||||
case ch <- []*config.TargetGroup{tg}:
|
|
||||||
case <-ctx.Done():
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
n.informer.AddEventHandler(cache.ResourceEventHandlerFuncs{
|
||||||
|
AddFunc: func(o interface{}) {
|
||||||
|
send(n.buildNode(o.(*apiv1.Node)))
|
||||||
|
},
|
||||||
|
DeleteFunc: func(o interface{}) {
|
||||||
|
send(&config.TargetGroup{Source: nodeSource(o.(*apiv1.Node))})
|
||||||
|
},
|
||||||
|
UpdateFunc: func(_, o interface{}) {
|
||||||
|
send(n.buildNode(o.(*apiv1.Node)))
|
||||||
|
},
|
||||||
|
})
|
||||||
|
|
||||||
|
// Block until the target provider is explicitly canceled.
|
||||||
|
<-ctx.Done()
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d *nodeDiscovery) updateNodesTargetGroup() *config.TargetGroup {
|
func nodeSource(n *apiv1.Node) string {
|
||||||
d.mtx.RLock()
|
return "node/" + n.Name
|
||||||
defer d.mtx.RUnlock()
|
}
|
||||||
|
|
||||||
|
const (
|
||||||
|
nodeNameLabel = metaLabelPrefix + "node_name"
|
||||||
|
nodeLabelPrefix = metaLabelPrefix + "node_label_"
|
||||||
|
nodeAnnotationPrefix = metaLabelPrefix + "node_annotation_"
|
||||||
|
nodeAddressPrefix = metaLabelPrefix + "node_address_"
|
||||||
|
)
|
||||||
|
|
||||||
|
func nodeLabels(n *apiv1.Node) model.LabelSet {
|
||||||
|
ls := make(model.LabelSet, len(n.Labels)+len(n.Annotations)+2)
|
||||||
|
|
||||||
|
ls[nodeNameLabel] = lv(n.Name)
|
||||||
|
|
||||||
|
for k, v := range n.Labels {
|
||||||
|
ln := strutil.SanitizeLabelName(nodeLabelPrefix + k)
|
||||||
|
ls[model.LabelName(ln)] = lv(v)
|
||||||
|
}
|
||||||
|
|
||||||
|
for k, v := range n.Annotations {
|
||||||
|
ln := strutil.SanitizeLabelName(nodeAnnotationPrefix + k)
|
||||||
|
ls[model.LabelName(ln)] = lv(v)
|
||||||
|
}
|
||||||
|
return ls
|
||||||
|
}
|
||||||
|
|
||||||
|
func (n *Node) buildNode(node *apiv1.Node) *config.TargetGroup {
|
||||||
tg := &config.TargetGroup{
|
tg := &config.TargetGroup{
|
||||||
Source: nodesTargetGroupName,
|
Source: nodeSource(node),
|
||||||
Labels: model.LabelSet{
|
}
|
||||||
roleLabel: model.LabelValue("node"),
|
tg.Labels = nodeLabels(node)
|
||||||
},
|
|
||||||
|
addr, addrMap, err := nodeAddress(node)
|
||||||
|
if err != nil {
|
||||||
|
n.logger.With("err", err).Debugf("No node address found")
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
addr = net.JoinHostPort(addr, strconv.FormatInt(int64(node.Status.DaemonEndpoints.KubeletEndpoint.Port), 10))
|
||||||
|
|
||||||
|
t := model.LabelSet{
|
||||||
|
model.AddressLabel: lv(addr),
|
||||||
|
model.InstanceLabel: lv(node.Name),
|
||||||
}
|
}
|
||||||
|
|
||||||
// Now let's loop through the nodes & add them to the target group with appropriate labels.
|
for ty, a := range addrMap {
|
||||||
for nodeName, node := range d.nodes {
|
ln := strutil.SanitizeLabelName(nodeAddressPrefix + string(ty))
|
||||||
defaultNodeAddress, nodeAddressMap, err := nodeAddresses(node)
|
t[model.LabelName(ln)] = lv(a[0])
|
||||||
if err != nil {
|
|
||||||
log.Debugf("Skipping node %s: %s", node.Name, err)
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
|
|
||||||
kubeletPort := int(node.Status.DaemonEndpoints.KubeletEndpoint.Port)
|
|
||||||
|
|
||||||
address := net.JoinHostPort(defaultNodeAddress.String(), fmt.Sprintf("%d", kubeletPort))
|
|
||||||
|
|
||||||
t := model.LabelSet{
|
|
||||||
model.AddressLabel: model.LabelValue(address),
|
|
||||||
model.InstanceLabel: model.LabelValue(nodeName),
|
|
||||||
}
|
|
||||||
|
|
||||||
for addrType, ip := range nodeAddressMap {
|
|
||||||
labelName := strutil.SanitizeLabelName(nodeAddressPrefix + string(addrType))
|
|
||||||
t[model.LabelName(labelName)] = model.LabelValue(ip[0].String())
|
|
||||||
}
|
|
||||||
|
|
||||||
t[model.LabelName(nodePortLabel)] = model.LabelValue(strconv.Itoa(kubeletPort))
|
|
||||||
|
|
||||||
for k, v := range node.ObjectMeta.Labels {
|
|
||||||
labelName := strutil.SanitizeLabelName(nodeLabelPrefix + k)
|
|
||||||
t[model.LabelName(labelName)] = model.LabelValue(v)
|
|
||||||
}
|
|
||||||
tg.Targets = append(tg.Targets, t)
|
|
||||||
}
|
}
|
||||||
|
tg.Targets = append(tg.Targets, t)
|
||||||
|
|
||||||
return tg
|
return tg
|
||||||
}
|
}
|
||||||
|
|
||||||
// watchNodes watches nodes as they come & go.
|
|
||||||
func (d *nodeDiscovery) watchNodes(events chan *nodeEvent, done <-chan struct{}, retryInterval time.Duration) {
|
|
||||||
until(func() {
|
|
||||||
nodes, resourceVersion, err := d.getNodes()
|
|
||||||
if err != nil {
|
|
||||||
log.Errorf("Cannot initialize nodes collection: %s", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// Reset the known nodes.
|
|
||||||
d.mtx.Lock()
|
|
||||||
d.nodes = map[string]*Node{}
|
|
||||||
d.mtx.Unlock()
|
|
||||||
|
|
||||||
for _, node := range nodes {
|
|
||||||
events <- &nodeEvent{Added, node}
|
|
||||||
}
|
|
||||||
|
|
||||||
req, err := http.NewRequest("GET", nodesURL, nil)
|
|
||||||
if err != nil {
|
|
||||||
log.Errorf("Cannot create nodes request: %s", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
values := req.URL.Query()
|
|
||||||
values.Add("watch", "true")
|
|
||||||
values.Add("resourceVersion", resourceVersion)
|
|
||||||
req.URL.RawQuery = values.Encode()
|
|
||||||
res, err := d.kd.queryAPIServerReq(req)
|
|
||||||
if err != nil {
|
|
||||||
log.Errorf("Failed to watch nodes: %s", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
defer res.Body.Close()
|
|
||||||
if res.StatusCode != http.StatusOK {
|
|
||||||
log.Errorf("Failed to watch nodes: %d", res.StatusCode)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
d := json.NewDecoder(res.Body)
|
|
||||||
|
|
||||||
for {
|
|
||||||
var event nodeEvent
|
|
||||||
if err := d.Decode(&event); err != nil {
|
|
||||||
log.Errorf("Watch nodes unexpectedly closed: %s", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
select {
|
|
||||||
case events <- &event:
|
|
||||||
case <-done:
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}, retryInterval, done)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (d *nodeDiscovery) updateNode(node *Node, eventType EventType) {
|
|
||||||
d.mtx.Lock()
|
|
||||||
defer d.mtx.Unlock()
|
|
||||||
|
|
||||||
updatedNodeName := node.ObjectMeta.Name
|
|
||||||
switch eventType {
|
|
||||||
case Deleted:
|
|
||||||
// Deleted - remove from nodes map.
|
|
||||||
delete(d.nodes, updatedNodeName)
|
|
||||||
case Added, Modified:
|
|
||||||
// Added/Modified - update the node in the nodes map.
|
|
||||||
d.nodes[updatedNodeName] = node
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (d *nodeDiscovery) getNodes() (map[string]*Node, string, error) {
|
|
||||||
res, err := d.kd.queryAPIServerPath(nodesURL)
|
|
||||||
if err != nil {
|
|
||||||
// If we can't list nodes then we can't watch them. Assume this is a misconfiguration
|
|
||||||
// & return error.
|
|
||||||
return nil, "", fmt.Errorf("unable to list Kubernetes nodes: %s", err)
|
|
||||||
}
|
|
||||||
defer res.Body.Close()
|
|
||||||
if res.StatusCode != http.StatusOK {
|
|
||||||
return nil, "", fmt.Errorf("unable to list Kubernetes nodes; unexpected response: %d %s", res.StatusCode, res.Status)
|
|
||||||
}
|
|
||||||
|
|
||||||
var nodes NodeList
|
|
||||||
if err := json.NewDecoder(res.Body).Decode(&nodes); err != nil {
|
|
||||||
body, _ := ioutil.ReadAll(res.Body)
|
|
||||||
return nil, "", fmt.Errorf("unable to list Kubernetes nodes; unexpected response body: %s", string(body))
|
|
||||||
}
|
|
||||||
|
|
||||||
nodeMap := map[string]*Node{}
|
|
||||||
for idx, node := range nodes.Items {
|
|
||||||
nodeMap[node.ObjectMeta.Name] = &nodes.Items[idx]
|
|
||||||
}
|
|
||||||
|
|
||||||
return nodeMap, nodes.ResourceVersion, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// nodeAddresses returns the provided node's address, based on the priority:
|
// nodeAddresses returns the provided node's address, based on the priority:
|
||||||
// 1. NodeInternalIP
|
// 1. NodeInternalIP
|
||||||
// 2. NodeExternalIP
|
// 2. NodeExternalIP
|
||||||
// 3. NodeLegacyHostIP
|
// 3. NodeLegacyHostIP
|
||||||
|
// 3. NodeHostName
|
||||||
//
|
//
|
||||||
// Copied from k8s.io/kubernetes/pkg/util/node/node.go
|
// Derived from k8s.io/kubernetes/pkg/util/node/node.go
|
||||||
func nodeAddresses(node *Node) (net.IP, map[NodeAddressType][]net.IP, error) {
|
func nodeAddress(node *apiv1.Node) (string, map[apiv1.NodeAddressType][]string, error) {
|
||||||
addresses := node.Status.Addresses
|
m := map[apiv1.NodeAddressType][]string{}
|
||||||
addressMap := map[NodeAddressType][]net.IP{}
|
for _, a := range node.Status.Addresses {
|
||||||
for _, addr := range addresses {
|
m[a.Type] = append(m[a.Type], a.Address)
|
||||||
ip := net.ParseIP(addr.Address)
|
|
||||||
// All addresses should be valid IPs.
|
|
||||||
if ip == nil {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
addressMap[addr.Type] = append(addressMap[addr.Type], ip)
|
|
||||||
}
|
}
|
||||||
if addresses, ok := addressMap[NodeInternalIP]; ok {
|
|
||||||
return addresses[0], addressMap, nil
|
if addresses, ok := m[apiv1.NodeInternalIP]; ok {
|
||||||
|
return addresses[0], m, nil
|
||||||
}
|
}
|
||||||
if addresses, ok := addressMap[NodeExternalIP]; ok {
|
if addresses, ok := m[apiv1.NodeExternalIP]; ok {
|
||||||
return addresses[0], addressMap, nil
|
return addresses[0], m, nil
|
||||||
}
|
}
|
||||||
if addresses, ok := addressMap[NodeLegacyHostIP]; ok {
|
if addresses, ok := m[apiv1.NodeAddressType(api.NodeLegacyHostIP)]; ok {
|
||||||
return addresses[0], addressMap, nil
|
return addresses[0], m, nil
|
||||||
}
|
}
|
||||||
return nil, nil, fmt.Errorf("host IP unknown; known addresses: %v", addresses)
|
if addresses, ok := m[apiv1.NodeHostName]; ok {
|
||||||
|
return addresses[0], m, nil
|
||||||
|
}
|
||||||
|
return "", m, fmt.Errorf("host address unknown")
|
||||||
}
|
}
|
||||||
|
|
323
retrieval/discovery/kubernetes/node_test.go
Normal file
323
retrieval/discovery/kubernetes/node_test.go
Normal file
|
@ -0,0 +1,323 @@
|
||||||
|
// Copyright 2016 The Prometheus Authors
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
package kubernetes
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/json"
|
||||||
|
"fmt"
|
||||||
|
"sync"
|
||||||
|
"testing"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/prometheus/common/log"
|
||||||
|
"github.com/prometheus/common/model"
|
||||||
|
"github.com/prometheus/prometheus/config"
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
|
"golang.org/x/net/context"
|
||||||
|
"k8s.io/client-go/1.5/pkg/api/v1"
|
||||||
|
"k8s.io/client-go/1.5/tools/cache"
|
||||||
|
)
|
||||||
|
|
||||||
|
type fakeInformer struct {
|
||||||
|
store cache.Store
|
||||||
|
handlers []cache.ResourceEventHandler
|
||||||
|
|
||||||
|
blockDeltas sync.Mutex
|
||||||
|
}
|
||||||
|
|
||||||
|
func newFakeInformer(f func(obj interface{}) (string, error)) *fakeInformer {
|
||||||
|
i := &fakeInformer{
|
||||||
|
store: cache.NewStore(f),
|
||||||
|
}
|
||||||
|
// We want to make sure that all delta events (Add/Update/Delete) are blocked
|
||||||
|
// until our handlers to test have been added.
|
||||||
|
i.blockDeltas.Lock()
|
||||||
|
return i
|
||||||
|
}
|
||||||
|
|
||||||
|
func (i *fakeInformer) AddEventHandler(handler cache.ResourceEventHandler) error {
|
||||||
|
i.handlers = append(i.handlers, handler)
|
||||||
|
// Only now that there is a registered handler, we are able to handle deltas.
|
||||||
|
i.blockDeltas.Unlock()
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (i *fakeInformer) GetStore() cache.Store {
|
||||||
|
return i.store
|
||||||
|
}
|
||||||
|
|
||||||
|
func (i *fakeInformer) GetController() cache.ControllerInterface {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (i *fakeInformer) Run(stopCh <-chan struct{}) {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
func (i *fakeInformer) HasSynced() bool {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
|
func (i *fakeInformer) LastSyncResourceVersion() string {
|
||||||
|
return "0"
|
||||||
|
}
|
||||||
|
|
||||||
|
func (i *fakeInformer) Add(obj interface{}) {
|
||||||
|
i.blockDeltas.Lock()
|
||||||
|
defer i.blockDeltas.Unlock()
|
||||||
|
|
||||||
|
for _, h := range i.handlers {
|
||||||
|
h.OnAdd(obj)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (i *fakeInformer) Delete(obj interface{}) {
|
||||||
|
i.blockDeltas.Lock()
|
||||||
|
defer i.blockDeltas.Unlock()
|
||||||
|
|
||||||
|
for _, h := range i.handlers {
|
||||||
|
h.OnDelete(obj)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (i *fakeInformer) Update(obj interface{}) {
|
||||||
|
i.blockDeltas.Lock()
|
||||||
|
defer i.blockDeltas.Unlock()
|
||||||
|
|
||||||
|
for _, h := range i.handlers {
|
||||||
|
h.OnUpdate(nil, obj)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
type targetProvider interface {
|
||||||
|
Run(ctx context.Context, up chan<- []*config.TargetGroup)
|
||||||
|
}
|
||||||
|
|
||||||
|
type k8sDiscoveryTest struct {
|
||||||
|
discovery targetProvider
|
||||||
|
afterStart func()
|
||||||
|
expectedInitial []*config.TargetGroup
|
||||||
|
expectedRes []*config.TargetGroup
|
||||||
|
}
|
||||||
|
|
||||||
|
func (d k8sDiscoveryTest) Run(t *testing.T) {
|
||||||
|
ch := make(chan []*config.TargetGroup)
|
||||||
|
ctx, cancel := context.WithTimeout(context.Background(), time.Millisecond*10)
|
||||||
|
defer cancel()
|
||||||
|
go func() {
|
||||||
|
d.discovery.Run(ctx, ch)
|
||||||
|
}()
|
||||||
|
|
||||||
|
initialRes := <-ch
|
||||||
|
if d.expectedInitial != nil {
|
||||||
|
requireTargetGroups(t, d.expectedInitial, initialRes)
|
||||||
|
}
|
||||||
|
|
||||||
|
if d.afterStart != nil && d.expectedRes != nil {
|
||||||
|
d.afterStart()
|
||||||
|
res := <-ch
|
||||||
|
|
||||||
|
requireTargetGroups(t, d.expectedRes, res)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func requireTargetGroups(t *testing.T, expected, res []*config.TargetGroup) {
|
||||||
|
b1, err := json.Marshal(expected)
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
b2, err := json.Marshal(res)
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
require.JSONEq(t, string(b1), string(b2))
|
||||||
|
}
|
||||||
|
|
||||||
|
func nodeStoreKeyFunc(obj interface{}) (string, error) {
|
||||||
|
return obj.(*v1.Node).ObjectMeta.Name, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func newFakeNodeInformer() *fakeInformer {
|
||||||
|
return newFakeInformer(nodeStoreKeyFunc)
|
||||||
|
}
|
||||||
|
|
||||||
|
func makeTestNodeDiscovery() (*Node, *fakeInformer) {
|
||||||
|
i := newFakeNodeInformer()
|
||||||
|
return NewNode(log.Base(), i), i
|
||||||
|
}
|
||||||
|
|
||||||
|
func makeNode(name, address string, labels map[string]string, annotations map[string]string) *v1.Node {
|
||||||
|
return &v1.Node{
|
||||||
|
ObjectMeta: v1.ObjectMeta{
|
||||||
|
Name: name,
|
||||||
|
Labels: labels,
|
||||||
|
Annotations: annotations,
|
||||||
|
},
|
||||||
|
Status: v1.NodeStatus{
|
||||||
|
Addresses: []v1.NodeAddress{
|
||||||
|
v1.NodeAddress{
|
||||||
|
Type: v1.NodeInternalIP,
|
||||||
|
Address: address,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
DaemonEndpoints: v1.NodeDaemonEndpoints{
|
||||||
|
KubeletEndpoint: v1.DaemonEndpoint{
|
||||||
|
Port: 10250,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func makeEnumeratedNode(i int) *v1.Node {
|
||||||
|
return makeNode(fmt.Sprintf("test%d", i), "1.2.3.4", map[string]string{}, map[string]string{})
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestNodeDiscoveryInitial(t *testing.T) {
|
||||||
|
n, i := makeTestNodeDiscovery()
|
||||||
|
i.GetStore().Add(makeNode(
|
||||||
|
"test",
|
||||||
|
"1.2.3.4",
|
||||||
|
map[string]string{"testlabel": "testvalue"},
|
||||||
|
map[string]string{"testannotation": "testannotationvalue"},
|
||||||
|
))
|
||||||
|
|
||||||
|
k8sDiscoveryTest{
|
||||||
|
discovery: n,
|
||||||
|
expectedInitial: []*config.TargetGroup{
|
||||||
|
&config.TargetGroup{
|
||||||
|
Targets: []model.LabelSet{
|
||||||
|
model.LabelSet{
|
||||||
|
"__address__": "1.2.3.4:10250",
|
||||||
|
"instance": "test",
|
||||||
|
"__meta_kubernetes_node_address_InternalIP": "1.2.3.4",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Labels: model.LabelSet{
|
||||||
|
"__meta_kubernetes_node_name": "test",
|
||||||
|
"__meta_kubernetes_node_label_testlabel": "testvalue",
|
||||||
|
"__meta_kubernetes_node_annotation_testannotation": "testannotationvalue",
|
||||||
|
},
|
||||||
|
Source: "node/test",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}.Run(t)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestNodeDiscoveryAdd(t *testing.T) {
|
||||||
|
n, i := makeTestNodeDiscovery()
|
||||||
|
|
||||||
|
k8sDiscoveryTest{
|
||||||
|
discovery: n,
|
||||||
|
afterStart: func() { go func() { i.Add(makeEnumeratedNode(1)) }() },
|
||||||
|
expectedRes: []*config.TargetGroup{
|
||||||
|
&config.TargetGroup{
|
||||||
|
Targets: []model.LabelSet{
|
||||||
|
model.LabelSet{
|
||||||
|
"__address__": "1.2.3.4:10250",
|
||||||
|
"instance": "test1",
|
||||||
|
"__meta_kubernetes_node_address_InternalIP": "1.2.3.4",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Labels: model.LabelSet{
|
||||||
|
"__meta_kubernetes_node_name": "test1",
|
||||||
|
},
|
||||||
|
Source: "node/test1",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}.Run(t)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestNodeDiscoveryDelete(t *testing.T) {
|
||||||
|
n, i := makeTestNodeDiscovery()
|
||||||
|
i.GetStore().Add(makeEnumeratedNode(0))
|
||||||
|
|
||||||
|
k8sDiscoveryTest{
|
||||||
|
discovery: n,
|
||||||
|
afterStart: func() { go func() { i.Delete(makeEnumeratedNode(0)) }() },
|
||||||
|
expectedInitial: []*config.TargetGroup{
|
||||||
|
&config.TargetGroup{
|
||||||
|
Targets: []model.LabelSet{
|
||||||
|
model.LabelSet{
|
||||||
|
"__address__": "1.2.3.4:10250",
|
||||||
|
"instance": "test0",
|
||||||
|
"__meta_kubernetes_node_address_InternalIP": "1.2.3.4",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Labels: model.LabelSet{
|
||||||
|
"__meta_kubernetes_node_name": "test0",
|
||||||
|
},
|
||||||
|
Source: "node/test0",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectedRes: []*config.TargetGroup{
|
||||||
|
&config.TargetGroup{
|
||||||
|
Source: "node/test0",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}.Run(t)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestNodeDiscoveryUpdate(t *testing.T) {
|
||||||
|
n, i := makeTestNodeDiscovery()
|
||||||
|
i.GetStore().Add(makeEnumeratedNode(0))
|
||||||
|
|
||||||
|
k8sDiscoveryTest{
|
||||||
|
discovery: n,
|
||||||
|
afterStart: func() {
|
||||||
|
go func() {
|
||||||
|
i.Update(
|
||||||
|
makeNode(
|
||||||
|
"test0",
|
||||||
|
"1.2.3.4",
|
||||||
|
map[string]string{"Unschedulable": "true"},
|
||||||
|
map[string]string{},
|
||||||
|
),
|
||||||
|
)
|
||||||
|
}()
|
||||||
|
},
|
||||||
|
expectedInitial: []*config.TargetGroup{
|
||||||
|
&config.TargetGroup{
|
||||||
|
Targets: []model.LabelSet{
|
||||||
|
model.LabelSet{
|
||||||
|
"__address__": "1.2.3.4:10250",
|
||||||
|
"instance": "test0",
|
||||||
|
"__meta_kubernetes_node_address_InternalIP": "1.2.3.4",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Labels: model.LabelSet{
|
||||||
|
"__meta_kubernetes_node_name": "test0",
|
||||||
|
},
|
||||||
|
Source: "node/test0",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectedRes: []*config.TargetGroup{
|
||||||
|
&config.TargetGroup{
|
||||||
|
Targets: []model.LabelSet{
|
||||||
|
model.LabelSet{
|
||||||
|
"__address__": "1.2.3.4:10250",
|
||||||
|
"instance": "test0",
|
||||||
|
"__meta_kubernetes_node_address_InternalIP": "1.2.3.4",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Labels: model.LabelSet{
|
||||||
|
"__meta_kubernetes_node_label_Unschedulable": "true",
|
||||||
|
"__meta_kubernetes_node_name": "test0",
|
||||||
|
},
|
||||||
|
Source: "node/test0",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}.Run(t)
|
||||||
|
}
|
|
@ -14,337 +14,164 @@
|
||||||
package kubernetes
|
package kubernetes
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
|
||||||
"encoding/json"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
|
||||||
"sort"
|
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
|
||||||
"time"
|
|
||||||
|
|
||||||
"github.com/prometheus/common/log"
|
"github.com/prometheus/common/log"
|
||||||
"github.com/prometheus/common/model"
|
"github.com/prometheus/common/model"
|
||||||
"github.com/prometheus/prometheus/config"
|
"github.com/prometheus/prometheus/config"
|
||||||
"github.com/prometheus/prometheus/util/strutil"
|
"github.com/prometheus/prometheus/util/strutil"
|
||||||
"golang.org/x/net/context"
|
"golang.org/x/net/context"
|
||||||
|
"k8s.io/client-go/1.5/pkg/api"
|
||||||
|
apiv1 "k8s.io/client-go/1.5/pkg/api/v1"
|
||||||
|
"k8s.io/client-go/1.5/tools/cache"
|
||||||
)
|
)
|
||||||
|
|
||||||
type podDiscovery struct {
|
// Pod discovers new pod targets.
|
||||||
mtx sync.RWMutex
|
type Pod struct {
|
||||||
pods map[string]map[string]*Pod
|
informer cache.SharedInformer
|
||||||
retryInterval time.Duration
|
store cache.Store
|
||||||
kd *Discovery
|
logger log.Logger
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d *podDiscovery) run(ctx context.Context, ch chan<- []*config.TargetGroup) {
|
// NewPod creates a new pod discovery.
|
||||||
pods, _, err := d.getPods()
|
func NewPod(l log.Logger, pods cache.SharedInformer) *Pod {
|
||||||
if err != nil {
|
return &Pod{
|
||||||
log.Errorf("Cannot initialize pods collection: %s", err)
|
informer: pods,
|
||||||
return
|
store: pods.GetStore(),
|
||||||
|
logger: l,
|
||||||
}
|
}
|
||||||
d.pods = pods
|
}
|
||||||
|
|
||||||
initial := []*config.TargetGroup{}
|
// Run implements the TargetProvider interface.
|
||||||
switch d.kd.Conf.Role {
|
func (p *Pod) Run(ctx context.Context, ch chan<- []*config.TargetGroup) {
|
||||||
case config.KubernetesRolePod:
|
// Send full initial set of pod targets.
|
||||||
initial = append(initial, d.updatePodsTargetGroup())
|
var initial []*config.TargetGroup
|
||||||
case config.KubernetesRoleContainer:
|
for _, o := range p.store.List() {
|
||||||
for _, ns := range d.pods {
|
tg := p.buildPod(o.(*apiv1.Pod))
|
||||||
for _, pod := range ns {
|
initial = append(initial, tg)
|
||||||
initial = append(initial, d.updateContainerTargetGroup(pod))
|
|
||||||
}
|
p.logger.With("tg", fmt.Sprintf("%#v", tg)).Debugln("initial pod")
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
select {
|
select {
|
||||||
case ch <- initial:
|
|
||||||
case <-ctx.Done():
|
case <-ctx.Done():
|
||||||
return
|
return
|
||||||
|
case ch <- initial:
|
||||||
}
|
}
|
||||||
|
|
||||||
update := make(chan *podEvent, 10)
|
// Send target groups for pod updates.
|
||||||
go d.watchPods(update, ctx.Done(), d.retryInterval)
|
send := func(tg *config.TargetGroup) {
|
||||||
|
p.logger.With("tg", fmt.Sprintf("%#v", tg)).Debugln("pod update")
|
||||||
for {
|
|
||||||
tgs := []*config.TargetGroup{}
|
|
||||||
select {
|
select {
|
||||||
case <-ctx.Done():
|
case <-ctx.Done():
|
||||||
return
|
case ch <- []*config.TargetGroup{tg}:
|
||||||
case e := <-update:
|
|
||||||
log.Debugf("k8s discovery received pod event (EventType=%s, Pod Name=%s)", e.EventType, e.Pod.ObjectMeta.Name)
|
|
||||||
d.updatePod(e.Pod, e.EventType)
|
|
||||||
|
|
||||||
switch d.kd.Conf.Role {
|
|
||||||
case config.KubernetesRoleContainer:
|
|
||||||
// Update the per-pod target group
|
|
||||||
tgs = append(tgs, d.updateContainerTargetGroup(e.Pod))
|
|
||||||
case config.KubernetesRolePod:
|
|
||||||
// Update the all pods target group
|
|
||||||
tgs = append(tgs, d.updatePodsTargetGroup())
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if tgs == nil {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, tg := range tgs {
|
|
||||||
select {
|
|
||||||
case ch <- []*config.TargetGroup{tg}:
|
|
||||||
case <-ctx.Done():
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
p.informer.AddEventHandler(cache.ResourceEventHandlerFuncs{
|
||||||
|
AddFunc: func(o interface{}) {
|
||||||
|
send(p.buildPod(o.(*apiv1.Pod)))
|
||||||
|
},
|
||||||
|
DeleteFunc: func(o interface{}) {
|
||||||
|
send(&config.TargetGroup{Source: podSource(o.(*apiv1.Pod))})
|
||||||
|
},
|
||||||
|
UpdateFunc: func(_, o interface{}) {
|
||||||
|
send(p.buildPod(o.(*apiv1.Pod)))
|
||||||
|
},
|
||||||
|
})
|
||||||
|
|
||||||
|
// Block until the target provider is explicitly canceled.
|
||||||
|
<-ctx.Done()
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d *podDiscovery) getPods() (map[string]map[string]*Pod, string, error) {
|
const (
|
||||||
res, err := d.kd.queryAPIServerPath(podsURL)
|
podNameLabel = metaLabelPrefix + "pod_name"
|
||||||
if err != nil {
|
podIPLabel = metaLabelPrefix + "pod_ip"
|
||||||
return nil, "", fmt.Errorf("unable to list Kubernetes pods: %s", err)
|
podContainerNameLabel = metaLabelPrefix + "pod_container_name"
|
||||||
}
|
podContainerPortNameLabel = metaLabelPrefix + "pod_container_port_name"
|
||||||
defer res.Body.Close()
|
podContainerPortNumberLabel = metaLabelPrefix + "pod_container_port_number"
|
||||||
if res.StatusCode != http.StatusOK {
|
podContainerPortProtocolLabel = metaLabelPrefix + "pod_container_port_protocol"
|
||||||
return nil, "", fmt.Errorf("unable to list Kubernetes pods; unexpected response: %d %s", res.StatusCode, res.Status)
|
podReadyLabel = metaLabelPrefix + "pod_ready"
|
||||||
|
podLabelPrefix = metaLabelPrefix + "pod_label_"
|
||||||
|
podAnnotationPrefix = metaLabelPrefix + "pod_annotation_"
|
||||||
|
podNodeNameLabel = metaLabelPrefix + "pod_node_name"
|
||||||
|
podHostIPLabel = metaLabelPrefix + "pod_host_ip"
|
||||||
|
)
|
||||||
|
|
||||||
|
func podLabels(pod *apiv1.Pod) model.LabelSet {
|
||||||
|
ls := model.LabelSet{
|
||||||
|
podNameLabel: lv(pod.ObjectMeta.Name),
|
||||||
|
podIPLabel: lv(pod.Status.PodIP),
|
||||||
|
podReadyLabel: podReady(pod),
|
||||||
|
podNodeNameLabel: lv(pod.Spec.NodeName),
|
||||||
|
podHostIPLabel: lv(pod.Status.HostIP),
|
||||||
}
|
}
|
||||||
|
|
||||||
var pods PodList
|
for k, v := range pod.Labels {
|
||||||
if err := json.NewDecoder(res.Body).Decode(&pods); err != nil {
|
ln := strutil.SanitizeLabelName(podLabelPrefix + k)
|
||||||
body, _ := ioutil.ReadAll(res.Body)
|
ls[model.LabelName(ln)] = lv(v)
|
||||||
return nil, "", fmt.Errorf("unable to list Kubernetes pods; unexpected response body: %s", string(body))
|
|
||||||
}
|
}
|
||||||
|
|
||||||
podMap := map[string]map[string]*Pod{}
|
for k, v := range pod.Annotations {
|
||||||
for idx, pod := range pods.Items {
|
ln := strutil.SanitizeLabelName(podAnnotationPrefix + k)
|
||||||
if _, ok := podMap[pod.ObjectMeta.Namespace]; !ok {
|
ls[model.LabelName(ln)] = lv(v)
|
||||||
podMap[pod.ObjectMeta.Namespace] = map[string]*Pod{}
|
|
||||||
}
|
|
||||||
log.Debugf("Got pod %s in namespace %s", pod.ObjectMeta.Name, pod.ObjectMeta.Namespace)
|
|
||||||
podMap[pod.ObjectMeta.Namespace][pod.ObjectMeta.Name] = &pods.Items[idx]
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return podMap, pods.ResourceVersion, nil
|
return ls
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d *podDiscovery) watchPods(events chan *podEvent, done <-chan struct{}, retryInterval time.Duration) {
|
func (p *Pod) buildPod(pod *apiv1.Pod) *config.TargetGroup {
|
||||||
until(func() {
|
// During startup the pod may not have an IP yet. This does not even allow
|
||||||
pods, resourceVersion, err := d.getPods()
|
// for an up metric, so we skip the target.
|
||||||
if err != nil {
|
if len(pod.Status.PodIP) == 0 {
|
||||||
log.Errorf("Cannot initialize pods collection: %s", err)
|
return nil
|
||||||
return
|
|
||||||
}
|
|
||||||
d.mtx.Lock()
|
|
||||||
d.pods = pods
|
|
||||||
d.mtx.Unlock()
|
|
||||||
|
|
||||||
req, err := http.NewRequest("GET", podsURL, nil)
|
|
||||||
if err != nil {
|
|
||||||
log.Errorf("Cannot create pods request: %s", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
values := req.URL.Query()
|
|
||||||
values.Add("watch", "true")
|
|
||||||
values.Add("resourceVersion", resourceVersion)
|
|
||||||
req.URL.RawQuery = values.Encode()
|
|
||||||
res, err := d.kd.queryAPIServerReq(req)
|
|
||||||
if err != nil {
|
|
||||||
log.Errorf("Failed to watch pods: %s", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
defer res.Body.Close()
|
|
||||||
if res.StatusCode != http.StatusOK {
|
|
||||||
log.Errorf("Failed to watch pods: %d", res.StatusCode)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
d := json.NewDecoder(res.Body)
|
|
||||||
|
|
||||||
for {
|
|
||||||
var event podEvent
|
|
||||||
if err := d.Decode(&event); err != nil {
|
|
||||||
log.Errorf("Watch pods unexpectedly closed: %s", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
select {
|
|
||||||
case events <- &event:
|
|
||||||
case <-done:
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}, retryInterval, done)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (d *podDiscovery) updatePod(pod *Pod, eventType EventType) {
|
|
||||||
d.mtx.Lock()
|
|
||||||
defer d.mtx.Unlock()
|
|
||||||
|
|
||||||
switch eventType {
|
|
||||||
case Deleted:
|
|
||||||
if _, ok := d.pods[pod.ObjectMeta.Namespace]; ok {
|
|
||||||
delete(d.pods[pod.ObjectMeta.Namespace], pod.ObjectMeta.Name)
|
|
||||||
if len(d.pods[pod.ObjectMeta.Namespace]) == 0 {
|
|
||||||
delete(d.pods, pod.ObjectMeta.Namespace)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
case Added, Modified:
|
|
||||||
if _, ok := d.pods[pod.ObjectMeta.Namespace]; !ok {
|
|
||||||
d.pods[pod.ObjectMeta.Namespace] = map[string]*Pod{}
|
|
||||||
}
|
|
||||||
d.pods[pod.ObjectMeta.Namespace][pod.ObjectMeta.Name] = pod
|
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
func (d *podDiscovery) updateContainerTargetGroup(pod *Pod) *config.TargetGroup {
|
|
||||||
d.mtx.RLock()
|
|
||||||
defer d.mtx.RUnlock()
|
|
||||||
|
|
||||||
tg := &config.TargetGroup{
|
tg := &config.TargetGroup{
|
||||||
Source: podSource(pod),
|
Source: podSource(pod),
|
||||||
}
|
}
|
||||||
|
tg.Labels = podLabels(pod)
|
||||||
|
tg.Labels[namespaceLabel] = lv(pod.Namespace)
|
||||||
|
|
||||||
// If this pod doesn't exist, return an empty target group
|
for _, c := range pod.Spec.Containers {
|
||||||
if _, ok := d.pods[pod.ObjectMeta.Namespace]; !ok {
|
// If no ports are defined for the container, create an anonymous
|
||||||
return tg
|
// target per container.
|
||||||
}
|
if len(c.Ports) == 0 {
|
||||||
if _, ok := d.pods[pod.ObjectMeta.Namespace][pod.ObjectMeta.Name]; !ok {
|
// We don't have a port so we just set the address label to the pod IP.
|
||||||
return tg
|
// The user has to add a port manually.
|
||||||
}
|
tg.Targets = append(tg.Targets, model.LabelSet{
|
||||||
|
model.AddressLabel: lv(pod.Status.PodIP),
|
||||||
tg.Labels = model.LabelSet{
|
podContainerNameLabel: lv(c.Name),
|
||||||
roleLabel: model.LabelValue("container"),
|
})
|
||||||
}
|
|
||||||
tg.Targets = updatePodTargets(pod, true)
|
|
||||||
|
|
||||||
return tg
|
|
||||||
}
|
|
||||||
|
|
||||||
func (d *podDiscovery) updatePodsTargetGroup() *config.TargetGroup {
|
|
||||||
tg := &config.TargetGroup{
|
|
||||||
Source: podsTargetGroupName,
|
|
||||||
Labels: model.LabelSet{
|
|
||||||
roleLabel: model.LabelValue("pod"),
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, namespace := range d.pods {
|
|
||||||
for _, pod := range namespace {
|
|
||||||
tg.Targets = append(tg.Targets, updatePodTargets(pod, false)...)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return tg
|
|
||||||
}
|
|
||||||
|
|
||||||
func podSource(pod *Pod) string {
|
|
||||||
return sourcePodPrefix + ":" + pod.ObjectMeta.Namespace + ":" + pod.ObjectMeta.Name
|
|
||||||
}
|
|
||||||
|
|
||||||
func updatePodTargets(pod *Pod, allContainers bool) []model.LabelSet {
|
|
||||||
var targets []model.LabelSet = make([]model.LabelSet, 0, len(pod.PodSpec.Containers))
|
|
||||||
if pod.PodStatus.PodIP == "" {
|
|
||||||
log.Debugf("skipping pod %s -- PodStatus.PodIP is empty", pod.ObjectMeta.Name)
|
|
||||||
return targets
|
|
||||||
}
|
|
||||||
|
|
||||||
if pod.PodStatus.Phase != "Running" {
|
|
||||||
log.Debugf("skipping pod %s -- status is not `Running`", pod.ObjectMeta.Name)
|
|
||||||
return targets
|
|
||||||
}
|
|
||||||
|
|
||||||
// Should never hit this (running pods should always have this set), but better to be defensive.
|
|
||||||
if pod.PodStatus.HostIP == "" {
|
|
||||||
log.Debugf("skipping pod %s -- PodStatus.HostIP is empty", pod.ObjectMeta.Name)
|
|
||||||
return targets
|
|
||||||
}
|
|
||||||
|
|
||||||
ready := "unknown"
|
|
||||||
for _, cond := range pod.PodStatus.Conditions {
|
|
||||||
if strings.ToLower(cond.Type) == "ready" {
|
|
||||||
ready = strings.ToLower(cond.Status)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
sort.Sort(ByContainerName(pod.PodSpec.Containers))
|
|
||||||
|
|
||||||
for _, container := range pod.PodSpec.Containers {
|
|
||||||
// Collect a list of TCP ports
|
|
||||||
// Sort by port number, ascending
|
|
||||||
// Product a target pointed at the first port
|
|
||||||
// Include a label containing all ports (portName=port,PortName=port,...,)
|
|
||||||
var tcpPorts []ContainerPort
|
|
||||||
var portLabel *bytes.Buffer = bytes.NewBufferString(",")
|
|
||||||
|
|
||||||
for _, port := range container.Ports {
|
|
||||||
if port.Protocol == "TCP" {
|
|
||||||
tcpPorts = append(tcpPorts, port)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if len(tcpPorts) == 0 {
|
|
||||||
log.Debugf("skipping container %s with no TCP ports", container.Name)
|
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
// Otherwise create one target for each container/port combination.
|
||||||
|
for _, port := range c.Ports {
|
||||||
|
ports := strconv.FormatUint(uint64(port.ContainerPort), 10)
|
||||||
|
addr := net.JoinHostPort(pod.Status.PodIP, ports)
|
||||||
|
|
||||||
sort.Sort(ByContainerPort(tcpPorts))
|
tg.Targets = append(tg.Targets, model.LabelSet{
|
||||||
|
model.AddressLabel: lv(addr),
|
||||||
t := model.LabelSet{
|
podContainerNameLabel: lv(c.Name),
|
||||||
model.AddressLabel: model.LabelValue(net.JoinHostPort(pod.PodIP, strconv.FormatInt(int64(tcpPorts[0].ContainerPort), 10))),
|
podContainerPortNumberLabel: lv(ports),
|
||||||
podNameLabel: model.LabelValue(pod.ObjectMeta.Name),
|
podContainerPortNameLabel: lv(port.Name),
|
||||||
podAddressLabel: model.LabelValue(pod.PodStatus.PodIP),
|
podContainerPortProtocolLabel: lv(string(port.Protocol)),
|
||||||
podNamespaceLabel: model.LabelValue(pod.ObjectMeta.Namespace),
|
})
|
||||||
podContainerNameLabel: model.LabelValue(container.Name),
|
|
||||||
podContainerPortNameLabel: model.LabelValue(tcpPorts[0].Name),
|
|
||||||
podReadyLabel: model.LabelValue(ready),
|
|
||||||
podNodeNameLabel: model.LabelValue(pod.PodSpec.NodeName),
|
|
||||||
podHostIPLabel: model.LabelValue(pod.PodStatus.HostIP),
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, port := range tcpPorts {
|
|
||||||
portLabel.WriteString(port.Name)
|
|
||||||
portLabel.WriteString("=")
|
|
||||||
portLabel.WriteString(strconv.FormatInt(int64(port.ContainerPort), 10))
|
|
||||||
portLabel.WriteString(",")
|
|
||||||
t[model.LabelName(podContainerPortMapPrefix+port.Name)] = model.LabelValue(strconv.FormatInt(int64(port.ContainerPort), 10))
|
|
||||||
}
|
|
||||||
|
|
||||||
t[model.LabelName(podContainerPortListLabel)] = model.LabelValue(portLabel.String())
|
|
||||||
|
|
||||||
for k, v := range pod.ObjectMeta.Labels {
|
|
||||||
labelName := strutil.SanitizeLabelName(podLabelPrefix + k)
|
|
||||||
t[model.LabelName(labelName)] = model.LabelValue(v)
|
|
||||||
}
|
|
||||||
|
|
||||||
for k, v := range pod.ObjectMeta.Annotations {
|
|
||||||
labelName := strutil.SanitizeLabelName(podAnnotationPrefix + k)
|
|
||||||
t[model.LabelName(labelName)] = model.LabelValue(v)
|
|
||||||
}
|
|
||||||
|
|
||||||
targets = append(targets, t)
|
|
||||||
|
|
||||||
if !allContainers {
|
|
||||||
break
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(targets) == 0 {
|
return tg
|
||||||
log.Debugf("no targets for pod %s", pod.ObjectMeta.Name)
|
|
||||||
}
|
|
||||||
|
|
||||||
return targets
|
|
||||||
}
|
}
|
||||||
|
|
||||||
type ByContainerPort []ContainerPort
|
func podSource(pod *apiv1.Pod) string {
|
||||||
|
return "pod/" + pod.Namespace + "/" + pod.Name
|
||||||
|
}
|
||||||
|
|
||||||
func (a ByContainerPort) Len() int { return len(a) }
|
func podReady(pod *apiv1.Pod) model.LabelValue {
|
||||||
func (a ByContainerPort) Less(i, j int) bool { return a[i].ContainerPort < a[j].ContainerPort }
|
for _, cond := range pod.Status.Conditions {
|
||||||
func (a ByContainerPort) Swap(i, j int) { a[i], a[j] = a[j], a[i] }
|
if cond.Type == apiv1.PodReady {
|
||||||
|
return lv(strings.ToLower(string(cond.Status)))
|
||||||
type ByContainerName []Container
|
}
|
||||||
|
}
|
||||||
func (a ByContainerName) Len() int { return len(a) }
|
return lv(strings.ToLower(string(api.ConditionUnknown)))
|
||||||
func (a ByContainerName) Less(i, j int) bool { return a[i].Name < a[j].Name }
|
}
|
||||||
func (a ByContainerName) Swap(i, j int) { a[i], a[j] = a[j], a[i] }
|
|
||||||
|
|
305
retrieval/discovery/kubernetes/pod_test.go
Normal file
305
retrieval/discovery/kubernetes/pod_test.go
Normal file
|
@ -0,0 +1,305 @@
|
||||||
|
// Copyright 2016 The Prometheus Authors
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
package kubernetes
|
||||||
|
|
||||||
|
import (
|
||||||
|
//"fmt"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/prometheus/common/log"
|
||||||
|
"github.com/prometheus/common/model"
|
||||||
|
"github.com/prometheus/prometheus/config"
|
||||||
|
"k8s.io/client-go/1.5/pkg/api/v1"
|
||||||
|
)
|
||||||
|
|
||||||
|
func podStoreKeyFunc(obj interface{}) (string, error) {
|
||||||
|
return obj.(*v1.Pod).ObjectMeta.Name, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func newFakePodInformer() *fakeInformer {
|
||||||
|
return newFakeInformer(podStoreKeyFunc)
|
||||||
|
}
|
||||||
|
|
||||||
|
func makeTestPodDiscovery() (*Pod, *fakeInformer) {
|
||||||
|
i := newFakePodInformer()
|
||||||
|
return NewPod(log.Base(), i), i
|
||||||
|
}
|
||||||
|
|
||||||
|
func makeMultiPortPod() *v1.Pod {
|
||||||
|
return &v1.Pod{
|
||||||
|
ObjectMeta: v1.ObjectMeta{
|
||||||
|
Name: "testpod",
|
||||||
|
Namespace: "default",
|
||||||
|
Labels: map[string]string{"testlabel": "testvalue"},
|
||||||
|
Annotations: map[string]string{"testannotation": "testannotationvalue"},
|
||||||
|
},
|
||||||
|
Spec: v1.PodSpec{
|
||||||
|
NodeName: "testnode",
|
||||||
|
Containers: []v1.Container{
|
||||||
|
v1.Container{
|
||||||
|
Name: "testcontainer0",
|
||||||
|
Ports: []v1.ContainerPort{
|
||||||
|
v1.ContainerPort{
|
||||||
|
Name: "testport0",
|
||||||
|
Protocol: v1.ProtocolTCP,
|
||||||
|
ContainerPort: int32(9000),
|
||||||
|
},
|
||||||
|
v1.ContainerPort{
|
||||||
|
Name: "testport1",
|
||||||
|
Protocol: v1.ProtocolUDP,
|
||||||
|
ContainerPort: int32(9001),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
v1.Container{
|
||||||
|
Name: "testcontainer1",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Status: v1.PodStatus{
|
||||||
|
PodIP: "1.2.3.4",
|
||||||
|
HostIP: "2.3.4.5",
|
||||||
|
Conditions: []v1.PodCondition{
|
||||||
|
v1.PodCondition{
|
||||||
|
Type: v1.PodReady,
|
||||||
|
Status: v1.ConditionTrue,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func makePod() *v1.Pod {
|
||||||
|
return &v1.Pod{
|
||||||
|
ObjectMeta: v1.ObjectMeta{
|
||||||
|
Name: "testpod",
|
||||||
|
Namespace: "default",
|
||||||
|
},
|
||||||
|
Spec: v1.PodSpec{
|
||||||
|
NodeName: "testnode",
|
||||||
|
Containers: []v1.Container{
|
||||||
|
v1.Container{
|
||||||
|
Name: "testcontainer",
|
||||||
|
Ports: []v1.ContainerPort{
|
||||||
|
v1.ContainerPort{
|
||||||
|
Name: "testport",
|
||||||
|
Protocol: v1.ProtocolTCP,
|
||||||
|
ContainerPort: int32(9000),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Status: v1.PodStatus{
|
||||||
|
PodIP: "1.2.3.4",
|
||||||
|
HostIP: "2.3.4.5",
|
||||||
|
Conditions: []v1.PodCondition{
|
||||||
|
v1.PodCondition{
|
||||||
|
Type: v1.PodReady,
|
||||||
|
Status: v1.ConditionTrue,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestPodDiscoveryInitial(t *testing.T) {
|
||||||
|
n, i := makeTestPodDiscovery()
|
||||||
|
i.GetStore().Add(makeMultiPortPod())
|
||||||
|
|
||||||
|
k8sDiscoveryTest{
|
||||||
|
discovery: n,
|
||||||
|
expectedInitial: []*config.TargetGroup{
|
||||||
|
&config.TargetGroup{
|
||||||
|
Targets: []model.LabelSet{
|
||||||
|
model.LabelSet{
|
||||||
|
"__address__": "1.2.3.4:9000",
|
||||||
|
"__meta_kubernetes_pod_container_name": "testcontainer0",
|
||||||
|
"__meta_kubernetes_pod_container_port_name": "testport0",
|
||||||
|
"__meta_kubernetes_pod_container_port_number": "9000",
|
||||||
|
"__meta_kubernetes_pod_container_port_protocol": "TCP",
|
||||||
|
},
|
||||||
|
model.LabelSet{
|
||||||
|
"__address__": "1.2.3.4:9001",
|
||||||
|
"__meta_kubernetes_pod_container_name": "testcontainer0",
|
||||||
|
"__meta_kubernetes_pod_container_port_name": "testport1",
|
||||||
|
"__meta_kubernetes_pod_container_port_number": "9001",
|
||||||
|
"__meta_kubernetes_pod_container_port_protocol": "UDP",
|
||||||
|
},
|
||||||
|
model.LabelSet{
|
||||||
|
"__address__": "1.2.3.4",
|
||||||
|
"__meta_kubernetes_pod_container_name": "testcontainer1",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Labels: model.LabelSet{
|
||||||
|
"__meta_kubernetes_pod_name": "testpod",
|
||||||
|
"__meta_kubernetes_namespace": "default",
|
||||||
|
"__meta_kubernetes_pod_label_testlabel": "testvalue",
|
||||||
|
"__meta_kubernetes_pod_annotation_testannotation": "testannotationvalue",
|
||||||
|
"__meta_kubernetes_pod_node_name": "testnode",
|
||||||
|
"__meta_kubernetes_pod_ip": "1.2.3.4",
|
||||||
|
"__meta_kubernetes_pod_host_ip": "2.3.4.5",
|
||||||
|
"__meta_kubernetes_pod_ready": "true",
|
||||||
|
},
|
||||||
|
Source: "pod/default/testpod",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}.Run(t)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestPodDiscoveryAdd(t *testing.T) {
|
||||||
|
n, i := makeTestPodDiscovery()
|
||||||
|
|
||||||
|
k8sDiscoveryTest{
|
||||||
|
discovery: n,
|
||||||
|
afterStart: func() { go func() { i.Add(makePod()) }() },
|
||||||
|
expectedRes: []*config.TargetGroup{
|
||||||
|
&config.TargetGroup{
|
||||||
|
Targets: []model.LabelSet{
|
||||||
|
model.LabelSet{
|
||||||
|
"__address__": "1.2.3.4:9000",
|
||||||
|
"__meta_kubernetes_pod_container_name": "testcontainer",
|
||||||
|
"__meta_kubernetes_pod_container_port_name": "testport",
|
||||||
|
"__meta_kubernetes_pod_container_port_number": "9000",
|
||||||
|
"__meta_kubernetes_pod_container_port_protocol": "TCP",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Labels: model.LabelSet{
|
||||||
|
"__meta_kubernetes_pod_name": "testpod",
|
||||||
|
"__meta_kubernetes_namespace": "default",
|
||||||
|
"__meta_kubernetes_pod_node_name": "testnode",
|
||||||
|
"__meta_kubernetes_pod_ip": "1.2.3.4",
|
||||||
|
"__meta_kubernetes_pod_host_ip": "2.3.4.5",
|
||||||
|
"__meta_kubernetes_pod_ready": "true",
|
||||||
|
},
|
||||||
|
Source: "pod/default/testpod",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}.Run(t)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestPodDiscoveryDelete(t *testing.T) {
|
||||||
|
n, i := makeTestPodDiscovery()
|
||||||
|
i.GetStore().Add(makePod())
|
||||||
|
|
||||||
|
k8sDiscoveryTest{
|
||||||
|
discovery: n,
|
||||||
|
afterStart: func() { go func() { i.Delete(makePod()) }() },
|
||||||
|
expectedInitial: []*config.TargetGroup{
|
||||||
|
&config.TargetGroup{
|
||||||
|
Targets: []model.LabelSet{
|
||||||
|
model.LabelSet{
|
||||||
|
"__address__": "1.2.3.4:9000",
|
||||||
|
"__meta_kubernetes_pod_container_name": "testcontainer",
|
||||||
|
"__meta_kubernetes_pod_container_port_name": "testport",
|
||||||
|
"__meta_kubernetes_pod_container_port_number": "9000",
|
||||||
|
"__meta_kubernetes_pod_container_port_protocol": "TCP",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Labels: model.LabelSet{
|
||||||
|
"__meta_kubernetes_pod_name": "testpod",
|
||||||
|
"__meta_kubernetes_namespace": "default",
|
||||||
|
"__meta_kubernetes_pod_node_name": "testnode",
|
||||||
|
"__meta_kubernetes_pod_ip": "1.2.3.4",
|
||||||
|
"__meta_kubernetes_pod_host_ip": "2.3.4.5",
|
||||||
|
"__meta_kubernetes_pod_ready": "true",
|
||||||
|
},
|
||||||
|
Source: "pod/default/testpod",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectedRes: []*config.TargetGroup{
|
||||||
|
&config.TargetGroup{
|
||||||
|
Source: "pod/default/testpod",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}.Run(t)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestPodDiscoveryUpdate(t *testing.T) {
|
||||||
|
n, i := makeTestPodDiscovery()
|
||||||
|
i.GetStore().Add(&v1.Pod{
|
||||||
|
ObjectMeta: v1.ObjectMeta{
|
||||||
|
Name: "testpod",
|
||||||
|
Namespace: "default",
|
||||||
|
},
|
||||||
|
Spec: v1.PodSpec{
|
||||||
|
NodeName: "testnode",
|
||||||
|
Containers: []v1.Container{
|
||||||
|
v1.Container{
|
||||||
|
Name: "testcontainer",
|
||||||
|
Ports: []v1.ContainerPort{
|
||||||
|
v1.ContainerPort{
|
||||||
|
Name: "testport",
|
||||||
|
Protocol: v1.ProtocolTCP,
|
||||||
|
ContainerPort: int32(9000),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Status: v1.PodStatus{
|
||||||
|
PodIP: "1.2.3.4",
|
||||||
|
HostIP: "2.3.4.5",
|
||||||
|
},
|
||||||
|
})
|
||||||
|
|
||||||
|
k8sDiscoveryTest{
|
||||||
|
discovery: n,
|
||||||
|
afterStart: func() { go func() { i.Update(makePod()) }() },
|
||||||
|
expectedInitial: []*config.TargetGroup{
|
||||||
|
&config.TargetGroup{
|
||||||
|
Targets: []model.LabelSet{
|
||||||
|
model.LabelSet{
|
||||||
|
"__address__": "1.2.3.4:9000",
|
||||||
|
"__meta_kubernetes_pod_container_name": "testcontainer",
|
||||||
|
"__meta_kubernetes_pod_container_port_name": "testport",
|
||||||
|
"__meta_kubernetes_pod_container_port_number": "9000",
|
||||||
|
"__meta_kubernetes_pod_container_port_protocol": "TCP",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Labels: model.LabelSet{
|
||||||
|
"__meta_kubernetes_pod_name": "testpod",
|
||||||
|
"__meta_kubernetes_namespace": "default",
|
||||||
|
"__meta_kubernetes_pod_node_name": "testnode",
|
||||||
|
"__meta_kubernetes_pod_ip": "1.2.3.4",
|
||||||
|
"__meta_kubernetes_pod_host_ip": "2.3.4.5",
|
||||||
|
"__meta_kubernetes_pod_ready": "unknown",
|
||||||
|
},
|
||||||
|
Source: "pod/default/testpod",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectedRes: []*config.TargetGroup{
|
||||||
|
&config.TargetGroup{
|
||||||
|
Targets: []model.LabelSet{
|
||||||
|
model.LabelSet{
|
||||||
|
"__address__": "1.2.3.4:9000",
|
||||||
|
"__meta_kubernetes_pod_container_name": "testcontainer",
|
||||||
|
"__meta_kubernetes_pod_container_port_name": "testport",
|
||||||
|
"__meta_kubernetes_pod_container_port_number": "9000",
|
||||||
|
"__meta_kubernetes_pod_container_port_protocol": "TCP",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Labels: model.LabelSet{
|
||||||
|
"__meta_kubernetes_pod_name": "testpod",
|
||||||
|
"__meta_kubernetes_namespace": "default",
|
||||||
|
"__meta_kubernetes_pod_node_name": "testnode",
|
||||||
|
"__meta_kubernetes_pod_ip": "1.2.3.4",
|
||||||
|
"__meta_kubernetes_pod_host_ip": "2.3.4.5",
|
||||||
|
"__meta_kubernetes_pod_ready": "true",
|
||||||
|
},
|
||||||
|
Source: "pod/default/testpod",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}.Run(t)
|
||||||
|
}
|
|
@ -14,357 +14,112 @@
|
||||||
package kubernetes
|
package kubernetes
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
|
||||||
"fmt"
|
|
||||||
"io/ioutil"
|
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"strconv"
|
||||||
"sync"
|
|
||||||
"time"
|
|
||||||
|
|
||||||
"github.com/prometheus/common/log"
|
"github.com/prometheus/common/log"
|
||||||
"github.com/prometheus/common/model"
|
"github.com/prometheus/common/model"
|
||||||
"github.com/prometheus/prometheus/config"
|
"github.com/prometheus/prometheus/config"
|
||||||
"github.com/prometheus/prometheus/util/strutil"
|
"github.com/prometheus/prometheus/util/strutil"
|
||||||
"golang.org/x/net/context"
|
"golang.org/x/net/context"
|
||||||
|
apiv1 "k8s.io/client-go/1.5/pkg/api/v1"
|
||||||
|
"k8s.io/client-go/1.5/tools/cache"
|
||||||
)
|
)
|
||||||
|
|
||||||
type serviceDiscovery struct {
|
// Service implements discovery of Kubernetes services.
|
||||||
mtx sync.RWMutex
|
type Service struct {
|
||||||
services map[string]map[string]*Service
|
logger log.Logger
|
||||||
retryInterval time.Duration
|
informer cache.SharedInformer
|
||||||
kd *Discovery
|
store cache.Store
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d *serviceDiscovery) run(ctx context.Context, ch chan<- []*config.TargetGroup) {
|
// NewService returns a new service discovery.
|
||||||
update := make(chan interface{}, 10)
|
func NewService(l log.Logger, inf cache.SharedInformer) *Service {
|
||||||
go d.startServiceWatch(update, ctx.Done(), d.retryInterval)
|
return &Service{logger: l, informer: inf, store: inf.GetStore()}
|
||||||
|
}
|
||||||
|
|
||||||
for {
|
// Run implements the TargetProvider interface.
|
||||||
tgs := []*config.TargetGroup{}
|
func (s *Service) Run(ctx context.Context, ch chan<- []*config.TargetGroup) {
|
||||||
|
// Send full initial set of pod targets.
|
||||||
|
var initial []*config.TargetGroup
|
||||||
|
for _, o := range s.store.List() {
|
||||||
|
tg := s.buildService(o.(*apiv1.Service))
|
||||||
|
initial = append(initial, tg)
|
||||||
|
}
|
||||||
|
select {
|
||||||
|
case <-ctx.Done():
|
||||||
|
return
|
||||||
|
case ch <- initial:
|
||||||
|
}
|
||||||
|
|
||||||
|
// Send target groups for service updates.
|
||||||
|
send := func(tg *config.TargetGroup) {
|
||||||
select {
|
select {
|
||||||
case <-ctx.Done():
|
case <-ctx.Done():
|
||||||
return
|
case ch <- []*config.TargetGroup{tg}:
|
||||||
case event := <-update:
|
|
||||||
switch e := event.(type) {
|
|
||||||
case *endpointsEvent:
|
|
||||||
log.Debugf("k8s discovery received endpoint event (EventType=%s, Endpoint Name=%s)", e.EventType, e.Endpoints.ObjectMeta.Name)
|
|
||||||
tgs = append(tgs, d.updateServiceEndpoints(e.Endpoints, e.EventType))
|
|
||||||
case *serviceEvent:
|
|
||||||
log.Debugf("k8s discovery received service event (EventType=%s, Service Name=%s)", e.EventType, e.Service.ObjectMeta.Name)
|
|
||||||
tgs = append(tgs, d.updateService(e.Service, e.EventType))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if tgs == nil {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, tg := range tgs {
|
|
||||||
select {
|
|
||||||
case ch <- []*config.TargetGroup{tg}:
|
|
||||||
case <-ctx.Done():
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
s.informer.AddEventHandler(cache.ResourceEventHandlerFuncs{
|
||||||
}
|
AddFunc: func(o interface{}) {
|
||||||
|
send(s.buildService(o.(*apiv1.Service)))
|
||||||
func (d *serviceDiscovery) getServices() (map[string]map[string]*Service, string, error) {
|
|
||||||
res, err := d.kd.queryAPIServerPath(servicesURL)
|
|
||||||
if err != nil {
|
|
||||||
// If we can't list services then we can't watch them. Assume this is a misconfiguration
|
|
||||||
// & return error.
|
|
||||||
return nil, "", fmt.Errorf("unable to list Kubernetes services: %s", err)
|
|
||||||
}
|
|
||||||
defer res.Body.Close()
|
|
||||||
if res.StatusCode != http.StatusOK {
|
|
||||||
return nil, "", fmt.Errorf("unable to list Kubernetes services; unexpected response: %d %s", res.StatusCode, res.Status)
|
|
||||||
}
|
|
||||||
var services ServiceList
|
|
||||||
if err := json.NewDecoder(res.Body).Decode(&services); err != nil {
|
|
||||||
body, _ := ioutil.ReadAll(res.Body)
|
|
||||||
return nil, "", fmt.Errorf("unable to list Kubernetes services; unexpected response body: %s", string(body))
|
|
||||||
}
|
|
||||||
|
|
||||||
serviceMap := map[string]map[string]*Service{}
|
|
||||||
for idx, service := range services.Items {
|
|
||||||
namespace, ok := serviceMap[service.ObjectMeta.Namespace]
|
|
||||||
if !ok {
|
|
||||||
namespace = map[string]*Service{}
|
|
||||||
serviceMap[service.ObjectMeta.Namespace] = namespace
|
|
||||||
}
|
|
||||||
namespace[service.ObjectMeta.Name] = &services.Items[idx]
|
|
||||||
}
|
|
||||||
|
|
||||||
return serviceMap, services.ResourceVersion, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// watchServices watches services as they come & go.
|
|
||||||
func (d *serviceDiscovery) startServiceWatch(events chan<- interface{}, done <-chan struct{}, retryInterval time.Duration) {
|
|
||||||
until(func() {
|
|
||||||
// We use separate target groups for each discovered service so we'll need to clean up any if they've been deleted
|
|
||||||
// in Kubernetes while we couldn't connect - small chance of this, but worth dealing with.
|
|
||||||
d.mtx.Lock()
|
|
||||||
existingServices := d.services
|
|
||||||
|
|
||||||
// Reset the known services.
|
|
||||||
d.services = map[string]map[string]*Service{}
|
|
||||||
d.mtx.Unlock()
|
|
||||||
|
|
||||||
services, resourceVersion, err := d.getServices()
|
|
||||||
if err != nil {
|
|
||||||
log.Errorf("Cannot initialize services collection: %s", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// Now let's loop through the old services & see if they still exist in here
|
|
||||||
for oldNSName, oldNS := range existingServices {
|
|
||||||
if ns, ok := services[oldNSName]; !ok {
|
|
||||||
for _, service := range existingServices[oldNSName] {
|
|
||||||
events <- &serviceEvent{Deleted, service}
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
for oldServiceName, oldService := range oldNS {
|
|
||||||
if _, ok := ns[oldServiceName]; !ok {
|
|
||||||
events <- &serviceEvent{Deleted, oldService}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Discard the existing services map for GC.
|
|
||||||
existingServices = nil
|
|
||||||
|
|
||||||
for _, ns := range services {
|
|
||||||
for _, service := range ns {
|
|
||||||
events <- &serviceEvent{Added, service}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
var wg sync.WaitGroup
|
|
||||||
wg.Add(2)
|
|
||||||
|
|
||||||
go func() {
|
|
||||||
d.watchServices(resourceVersion, events, done)
|
|
||||||
wg.Done()
|
|
||||||
}()
|
|
||||||
go func() {
|
|
||||||
d.watchServiceEndpoints(resourceVersion, events, done)
|
|
||||||
wg.Done()
|
|
||||||
}()
|
|
||||||
|
|
||||||
wg.Wait()
|
|
||||||
}, retryInterval, done)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (d *serviceDiscovery) watchServices(resourceVersion string, events chan<- interface{}, done <-chan struct{}) {
|
|
||||||
req, err := http.NewRequest("GET", servicesURL, nil)
|
|
||||||
if err != nil {
|
|
||||||
log.Errorf("Failed to create services request: %s", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
values := req.URL.Query()
|
|
||||||
values.Add("watch", "true")
|
|
||||||
values.Add("resourceVersion", resourceVersion)
|
|
||||||
req.URL.RawQuery = values.Encode()
|
|
||||||
|
|
||||||
res, err := d.kd.queryAPIServerReq(req)
|
|
||||||
if err != nil {
|
|
||||||
log.Errorf("Failed to watch services: %s", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
defer res.Body.Close()
|
|
||||||
if res.StatusCode != http.StatusOK {
|
|
||||||
log.Errorf("Failed to watch services: %d", res.StatusCode)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
dec := json.NewDecoder(res.Body)
|
|
||||||
|
|
||||||
for {
|
|
||||||
var event serviceEvent
|
|
||||||
if err := dec.Decode(&event); err != nil {
|
|
||||||
log.Errorf("Watch services unexpectedly closed: %s", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
select {
|
|
||||||
case events <- &event:
|
|
||||||
case <-done:
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// watchServiceEndpoints watches service endpoints as they come & go.
|
|
||||||
func (d *serviceDiscovery) watchServiceEndpoints(resourceVersion string, events chan<- interface{}, done <-chan struct{}) {
|
|
||||||
req, err := http.NewRequest("GET", endpointsURL, nil)
|
|
||||||
if err != nil {
|
|
||||||
log.Errorf("Failed to create service endpoints request: %s", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
values := req.URL.Query()
|
|
||||||
values.Add("watch", "true")
|
|
||||||
values.Add("resourceVersion", resourceVersion)
|
|
||||||
req.URL.RawQuery = values.Encode()
|
|
||||||
|
|
||||||
res, err := d.kd.queryAPIServerReq(req)
|
|
||||||
if err != nil {
|
|
||||||
log.Errorf("Failed to watch service endpoints: %s", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
defer res.Body.Close()
|
|
||||||
if res.StatusCode != http.StatusOK {
|
|
||||||
log.Errorf("Failed to watch service endpoints: %d", res.StatusCode)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
dec := json.NewDecoder(res.Body)
|
|
||||||
|
|
||||||
for {
|
|
||||||
var event endpointsEvent
|
|
||||||
if err := dec.Decode(&event); err != nil {
|
|
||||||
log.Errorf("Watch service endpoints unexpectedly closed: %s", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
select {
|
|
||||||
case events <- &event:
|
|
||||||
case <-done:
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (d *serviceDiscovery) updateService(service *Service, eventType EventType) *config.TargetGroup {
|
|
||||||
d.mtx.Lock()
|
|
||||||
defer d.mtx.Unlock()
|
|
||||||
|
|
||||||
switch eventType {
|
|
||||||
case Deleted:
|
|
||||||
return d.deleteService(service)
|
|
||||||
case Added, Modified:
|
|
||||||
return d.addService(service)
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func (d *serviceDiscovery) deleteService(service *Service) *config.TargetGroup {
|
|
||||||
tg := &config.TargetGroup{Source: serviceSource(service)}
|
|
||||||
|
|
||||||
delete(d.services[service.ObjectMeta.Namespace], service.ObjectMeta.Name)
|
|
||||||
if len(d.services[service.ObjectMeta.Namespace]) == 0 {
|
|
||||||
delete(d.services, service.ObjectMeta.Namespace)
|
|
||||||
}
|
|
||||||
|
|
||||||
return tg
|
|
||||||
}
|
|
||||||
|
|
||||||
func (d *serviceDiscovery) addService(service *Service) *config.TargetGroup {
|
|
||||||
namespace, ok := d.services[service.ObjectMeta.Namespace]
|
|
||||||
if !ok {
|
|
||||||
namespace = map[string]*Service{}
|
|
||||||
d.services[service.ObjectMeta.Namespace] = namespace
|
|
||||||
}
|
|
||||||
|
|
||||||
namespace[service.ObjectMeta.Name] = service
|
|
||||||
endpointURL := fmt.Sprintf(serviceEndpointsURL, service.ObjectMeta.Namespace, service.ObjectMeta.Name)
|
|
||||||
|
|
||||||
res, err := d.kd.queryAPIServerPath(endpointURL)
|
|
||||||
if err != nil {
|
|
||||||
log.Errorf("Error getting service endpoints: %s", err)
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
defer res.Body.Close()
|
|
||||||
if res.StatusCode != http.StatusOK {
|
|
||||||
log.Errorf("Failed to get service endpoints: %d", res.StatusCode)
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
var eps Endpoints
|
|
||||||
if err := json.NewDecoder(res.Body).Decode(&eps); err != nil {
|
|
||||||
log.Errorf("Error getting service endpoints: %s", err)
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
return d.updateServiceTargetGroup(service, &eps)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (d *serviceDiscovery) updateServiceTargetGroup(service *Service, eps *Endpoints) *config.TargetGroup {
|
|
||||||
tg := &config.TargetGroup{
|
|
||||||
Source: serviceSource(service),
|
|
||||||
Labels: model.LabelSet{
|
|
||||||
serviceNamespaceLabel: model.LabelValue(service.ObjectMeta.Namespace),
|
|
||||||
serviceNameLabel: model.LabelValue(service.ObjectMeta.Name),
|
|
||||||
},
|
},
|
||||||
|
DeleteFunc: func(o interface{}) {
|
||||||
|
send(&config.TargetGroup{Source: serviceSource(o.(*apiv1.Service))})
|
||||||
|
},
|
||||||
|
UpdateFunc: func(_, o interface{}) {
|
||||||
|
send(s.buildService(o.(*apiv1.Service)))
|
||||||
|
},
|
||||||
|
})
|
||||||
|
|
||||||
|
// Block until the target provider is explicitly canceled.
|
||||||
|
<-ctx.Done()
|
||||||
|
}
|
||||||
|
|
||||||
|
func serviceSource(s *apiv1.Service) string {
|
||||||
|
return "svc/" + s.Namespace + "/" + s.Name
|
||||||
|
}
|
||||||
|
|
||||||
|
const (
|
||||||
|
serviceNameLabel = metaLabelPrefix + "service_name"
|
||||||
|
serviceLabelPrefix = metaLabelPrefix + "service_label_"
|
||||||
|
serviceAnnotationPrefix = metaLabelPrefix + "service_annotation_"
|
||||||
|
servicePortNameLabel = metaLabelPrefix + "service_port_name"
|
||||||
|
servicePortProtocolLabel = metaLabelPrefix + "service_port_protocol"
|
||||||
|
)
|
||||||
|
|
||||||
|
func serviceLabels(svc *apiv1.Service) model.LabelSet {
|
||||||
|
ls := make(model.LabelSet, len(svc.Labels)+len(svc.Annotations)+2)
|
||||||
|
|
||||||
|
ls[serviceNameLabel] = lv(svc.Name)
|
||||||
|
|
||||||
|
for k, v := range svc.Labels {
|
||||||
|
ln := strutil.SanitizeLabelName(serviceLabelPrefix + k)
|
||||||
|
ls[model.LabelName(ln)] = lv(v)
|
||||||
}
|
}
|
||||||
|
|
||||||
for k, v := range service.ObjectMeta.Labels {
|
for k, v := range svc.Annotations {
|
||||||
labelName := strutil.SanitizeLabelName(serviceLabelPrefix + k)
|
ln := strutil.SanitizeLabelName(serviceAnnotationPrefix + k)
|
||||||
tg.Labels[model.LabelName(labelName)] = model.LabelValue(v)
|
ls[model.LabelName(ln)] = lv(v)
|
||||||
}
|
}
|
||||||
|
return ls
|
||||||
|
}
|
||||||
|
|
||||||
for k, v := range service.ObjectMeta.Annotations {
|
func (s *Service) buildService(svc *apiv1.Service) *config.TargetGroup {
|
||||||
labelName := strutil.SanitizeLabelName(serviceAnnotationPrefix + k)
|
tg := &config.TargetGroup{
|
||||||
tg.Labels[model.LabelName(labelName)] = model.LabelValue(v)
|
Source: serviceSource(svc),
|
||||||
}
|
}
|
||||||
|
tg.Labels = serviceLabels(svc)
|
||||||
|
tg.Labels[namespaceLabel] = lv(svc.Namespace)
|
||||||
|
|
||||||
serviceAddress := service.ObjectMeta.Name + "." + service.ObjectMeta.Namespace + ".svc"
|
for _, port := range svc.Spec.Ports {
|
||||||
|
addr := net.JoinHostPort(svc.Name+"."+svc.Namespace+".svc", strconv.FormatInt(int64(port.Port), 10))
|
||||||
|
|
||||||
// Append the first TCP service port if one exists.
|
tg.Targets = append(tg.Targets, model.LabelSet{
|
||||||
for _, port := range service.Spec.Ports {
|
model.AddressLabel: lv(addr),
|
||||||
if port.Protocol == ProtocolTCP {
|
servicePortNameLabel: lv(port.Name),
|
||||||
serviceAddress += fmt.Sprintf(":%d", port.Port)
|
servicePortProtocolLabel: lv(string(port.Protocol)),
|
||||||
break
|
})
|
||||||
}
|
|
||||||
}
|
|
||||||
switch d.kd.Conf.Role {
|
|
||||||
case config.KubernetesRoleService:
|
|
||||||
t := model.LabelSet{
|
|
||||||
model.AddressLabel: model.LabelValue(serviceAddress),
|
|
||||||
roleLabel: model.LabelValue("service"),
|
|
||||||
}
|
|
||||||
tg.Targets = append(tg.Targets, t)
|
|
||||||
|
|
||||||
case config.KubernetesRoleEndpoint:
|
|
||||||
// Now let's loop through the endpoints & add them to the target group
|
|
||||||
// with appropriate labels.
|
|
||||||
for _, ss := range eps.Subsets {
|
|
||||||
epPort := ss.Ports[0].Port
|
|
||||||
|
|
||||||
for _, addr := range ss.Addresses {
|
|
||||||
ipAddr := addr.IP
|
|
||||||
if len(ipAddr) == net.IPv6len {
|
|
||||||
ipAddr = "[" + ipAddr + "]"
|
|
||||||
}
|
|
||||||
address := net.JoinHostPort(ipAddr, fmt.Sprintf("%d", epPort))
|
|
||||||
|
|
||||||
t := model.LabelSet{
|
|
||||||
model.AddressLabel: model.LabelValue(address),
|
|
||||||
roleLabel: model.LabelValue("endpoint"),
|
|
||||||
}
|
|
||||||
|
|
||||||
tg.Targets = append(tg.Targets, t)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return tg
|
return tg
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d *serviceDiscovery) updateServiceEndpoints(endpoints *Endpoints, eventType EventType) *config.TargetGroup {
|
|
||||||
d.mtx.Lock()
|
|
||||||
defer d.mtx.Unlock()
|
|
||||||
|
|
||||||
serviceNamespace := endpoints.ObjectMeta.Namespace
|
|
||||||
serviceName := endpoints.ObjectMeta.Name
|
|
||||||
|
|
||||||
if service, ok := d.services[serviceNamespace][serviceName]; ok {
|
|
||||||
return d.updateServiceTargetGroup(service, endpoints)
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func serviceSource(service *Service) string {
|
|
||||||
return sourceServicePrefix + ":" + service.ObjectMeta.Namespace + "/" + service.ObjectMeta.Name
|
|
||||||
}
|
|
||||||
|
|
221
retrieval/discovery/kubernetes/service_test.go
Normal file
221
retrieval/discovery/kubernetes/service_test.go
Normal file
|
@ -0,0 +1,221 @@
|
||||||
|
// Copyright 2016 The Prometheus Authors
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
package kubernetes
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/prometheus/common/log"
|
||||||
|
"github.com/prometheus/common/model"
|
||||||
|
"github.com/prometheus/prometheus/config"
|
||||||
|
"k8s.io/client-go/1.5/pkg/api/v1"
|
||||||
|
)
|
||||||
|
|
||||||
|
func serviceStoreKeyFunc(obj interface{}) (string, error) {
|
||||||
|
return obj.(*v1.Service).ObjectMeta.Name, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func newFakeServiceInformer() *fakeInformer {
|
||||||
|
return newFakeInformer(serviceStoreKeyFunc)
|
||||||
|
}
|
||||||
|
|
||||||
|
func makeTestServiceDiscovery() (*Service, *fakeInformer) {
|
||||||
|
i := newFakeServiceInformer()
|
||||||
|
return NewService(log.Base(), i), i
|
||||||
|
}
|
||||||
|
|
||||||
|
func makeMultiPortService() *v1.Service {
|
||||||
|
return &v1.Service{
|
||||||
|
ObjectMeta: v1.ObjectMeta{
|
||||||
|
Name: "testservice",
|
||||||
|
Namespace: "default",
|
||||||
|
Labels: map[string]string{"testlabel": "testvalue"},
|
||||||
|
Annotations: map[string]string{"testannotation": "testannotationvalue"},
|
||||||
|
},
|
||||||
|
Spec: v1.ServiceSpec{
|
||||||
|
Ports: []v1.ServicePort{
|
||||||
|
v1.ServicePort{
|
||||||
|
Name: "testport0",
|
||||||
|
Protocol: v1.ProtocolTCP,
|
||||||
|
Port: int32(30900),
|
||||||
|
},
|
||||||
|
v1.ServicePort{
|
||||||
|
Name: "testport1",
|
||||||
|
Protocol: v1.ProtocolUDP,
|
||||||
|
Port: int32(30901),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func makeSuffixedService(suffix string) *v1.Service {
|
||||||
|
return &v1.Service{
|
||||||
|
ObjectMeta: v1.ObjectMeta{
|
||||||
|
Name: fmt.Sprintf("testservice%s", suffix),
|
||||||
|
Namespace: "default",
|
||||||
|
},
|
||||||
|
Spec: v1.ServiceSpec{
|
||||||
|
Ports: []v1.ServicePort{
|
||||||
|
v1.ServicePort{
|
||||||
|
Name: "testport",
|
||||||
|
Protocol: v1.ProtocolTCP,
|
||||||
|
Port: int32(30900),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func makeService() *v1.Service {
|
||||||
|
return makeSuffixedService("")
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestServiceDiscoveryInitial(t *testing.T) {
|
||||||
|
n, i := makeTestServiceDiscovery()
|
||||||
|
i.GetStore().Add(makeMultiPortService())
|
||||||
|
|
||||||
|
k8sDiscoveryTest{
|
||||||
|
discovery: n,
|
||||||
|
expectedInitial: []*config.TargetGroup{
|
||||||
|
&config.TargetGroup{
|
||||||
|
Targets: []model.LabelSet{
|
||||||
|
model.LabelSet{
|
||||||
|
"__meta_kubernetes_service_port_protocol": "TCP",
|
||||||
|
"__address__": "testservice.default.svc:30900",
|
||||||
|
"__meta_kubernetes_service_port_name": "testport0",
|
||||||
|
},
|
||||||
|
model.LabelSet{
|
||||||
|
"__meta_kubernetes_service_port_protocol": "UDP",
|
||||||
|
"__address__": "testservice.default.svc:30901",
|
||||||
|
"__meta_kubernetes_service_port_name": "testport1",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Labels: model.LabelSet{
|
||||||
|
"__meta_kubernetes_service_name": "testservice",
|
||||||
|
"__meta_kubernetes_namespace": "default",
|
||||||
|
"__meta_kubernetes_service_label_testlabel": "testvalue",
|
||||||
|
"__meta_kubernetes_service_annotation_testannotation": "testannotationvalue",
|
||||||
|
},
|
||||||
|
Source: "svc/default/testservice",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}.Run(t)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestServiceDiscoveryAdd(t *testing.T) {
|
||||||
|
n, i := makeTestServiceDiscovery()
|
||||||
|
|
||||||
|
k8sDiscoveryTest{
|
||||||
|
discovery: n,
|
||||||
|
afterStart: func() { go func() { i.Add(makeService()) }() },
|
||||||
|
expectedRes: []*config.TargetGroup{
|
||||||
|
&config.TargetGroup{
|
||||||
|
Targets: []model.LabelSet{
|
||||||
|
model.LabelSet{
|
||||||
|
"__meta_kubernetes_service_port_protocol": "TCP",
|
||||||
|
"__address__": "testservice.default.svc:30900",
|
||||||
|
"__meta_kubernetes_service_port_name": "testport",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Labels: model.LabelSet{
|
||||||
|
"__meta_kubernetes_service_name": "testservice",
|
||||||
|
"__meta_kubernetes_namespace": "default",
|
||||||
|
},
|
||||||
|
Source: "svc/default/testservice",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}.Run(t)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestServiceDiscoveryDelete(t *testing.T) {
|
||||||
|
n, i := makeTestServiceDiscovery()
|
||||||
|
i.GetStore().Add(makeService())
|
||||||
|
|
||||||
|
k8sDiscoveryTest{
|
||||||
|
discovery: n,
|
||||||
|
afterStart: func() { go func() { i.Delete(makeService()) }() },
|
||||||
|
expectedInitial: []*config.TargetGroup{
|
||||||
|
&config.TargetGroup{
|
||||||
|
Targets: []model.LabelSet{
|
||||||
|
model.LabelSet{
|
||||||
|
"__meta_kubernetes_service_port_protocol": "TCP",
|
||||||
|
"__address__": "testservice.default.svc:30900",
|
||||||
|
"__meta_kubernetes_service_port_name": "testport",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Labels: model.LabelSet{
|
||||||
|
"__meta_kubernetes_service_name": "testservice",
|
||||||
|
"__meta_kubernetes_namespace": "default",
|
||||||
|
},
|
||||||
|
Source: "svc/default/testservice",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectedRes: []*config.TargetGroup{
|
||||||
|
&config.TargetGroup{
|
||||||
|
Source: "svc/default/testservice",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}.Run(t)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestServiceDiscoveryUpdate(t *testing.T) {
|
||||||
|
n, i := makeTestServiceDiscovery()
|
||||||
|
i.GetStore().Add(makeService())
|
||||||
|
|
||||||
|
k8sDiscoveryTest{
|
||||||
|
discovery: n,
|
||||||
|
afterStart: func() { go func() { i.Update(makeMultiPortService()) }() },
|
||||||
|
expectedInitial: []*config.TargetGroup{
|
||||||
|
&config.TargetGroup{
|
||||||
|
Targets: []model.LabelSet{
|
||||||
|
model.LabelSet{
|
||||||
|
"__meta_kubernetes_service_port_protocol": "TCP",
|
||||||
|
"__address__": "testservice.default.svc:30900",
|
||||||
|
"__meta_kubernetes_service_port_name": "testport",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Labels: model.LabelSet{
|
||||||
|
"__meta_kubernetes_service_name": "testservice",
|
||||||
|
"__meta_kubernetes_namespace": "default",
|
||||||
|
},
|
||||||
|
Source: "svc/default/testservice",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectedRes: []*config.TargetGroup{
|
||||||
|
&config.TargetGroup{
|
||||||
|
Targets: []model.LabelSet{
|
||||||
|
model.LabelSet{
|
||||||
|
"__meta_kubernetes_service_port_protocol": "TCP",
|
||||||
|
"__address__": "testservice.default.svc:30900",
|
||||||
|
"__meta_kubernetes_service_port_name": "testport0",
|
||||||
|
},
|
||||||
|
model.LabelSet{
|
||||||
|
"__meta_kubernetes_service_port_protocol": "UDP",
|
||||||
|
"__address__": "testservice.default.svc:30901",
|
||||||
|
"__meta_kubernetes_service_port_name": "testport1",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Labels: model.LabelSet{
|
||||||
|
"__meta_kubernetes_service_name": "testservice",
|
||||||
|
"__meta_kubernetes_namespace": "default",
|
||||||
|
"__meta_kubernetes_service_label_testlabel": "testvalue",
|
||||||
|
"__meta_kubernetes_service_annotation_testannotation": "testannotationvalue",
|
||||||
|
},
|
||||||
|
Source: "svc/default/testservice",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}.Run(t)
|
||||||
|
}
|
|
@ -1,299 +0,0 @@
|
||||||
// Copyright 2015 The Prometheus Authors
|
|
||||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
// you may not use this file except in compliance with the License.
|
|
||||||
// You may obtain a copy of the License at
|
|
||||||
//
|
|
||||||
// http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
//
|
|
||||||
// Unless required by applicable law or agreed to in writing, software
|
|
||||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
// See the License for the specific language governing permissions and
|
|
||||||
// limitations under the License.
|
|
||||||
|
|
||||||
package kubernetes
|
|
||||||
|
|
||||||
// EventType can legally only have the values defined as constants below.
|
|
||||||
type EventType string
|
|
||||||
|
|
||||||
// Possible values for EventType.
|
|
||||||
const (
|
|
||||||
Added EventType = "ADDED"
|
|
||||||
Modified EventType = "MODIFIED"
|
|
||||||
Deleted EventType = "DELETED"
|
|
||||||
)
|
|
||||||
|
|
||||||
type nodeEvent struct {
|
|
||||||
EventType EventType `json:"type"`
|
|
||||||
Node *Node `json:"object"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type serviceEvent struct {
|
|
||||||
EventType EventType `json:"type"`
|
|
||||||
Service *Service `json:"object"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type endpointsEvent struct {
|
|
||||||
EventType EventType `json:"type"`
|
|
||||||
Endpoints *Endpoints `json:"object"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// From here down types are copied from
|
|
||||||
// https://github.com/GoogleCloudPlatform/kubernetes/blob/master/pkg/api/v1/types.go
|
|
||||||
// with all currently irrelevant types/fields stripped out. This removes the
|
|
||||||
// need for any kubernetes dependencies, with the drawback of having to keep
|
|
||||||
// this file up to date.
|
|
||||||
|
|
||||||
// ListMeta describes metadata that synthetic resources must have, including lists and
|
|
||||||
// various status objects.
|
|
||||||
type ListMeta struct {
|
|
||||||
// An opaque value that represents the version of this response for use with optimistic
|
|
||||||
// concurrency and change monitoring endpoints. Clients must treat these values as opaque
|
|
||||||
// and values may only be valid for a particular resource or set of resources. Only servers
|
|
||||||
// will generate resource versions.
|
|
||||||
ResourceVersion string `json:"resourceVersion,omitempty" description:"string that identifies the internal version of this object that can be used by clients to determine when objects have changed; populated by the system, read-only; value must be treated as opaque by clients and passed unmodified back to the server: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#concurrency-control-and-consistency"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// ObjectMeta is metadata that all persisted resources must have, which includes all objects
|
|
||||||
// users must create.
|
|
||||||
type ObjectMeta struct {
|
|
||||||
// Name is unique within a namespace. Name is required when creating resources, although
|
|
||||||
// some resources may allow a client to request the generation of an appropriate name
|
|
||||||
// automatically. Name is primarily intended for creation idempotence and configuration
|
|
||||||
// definition.
|
|
||||||
Name string `json:"name,omitempty" description:"string that identifies an object. Must be unique within a namespace; cannot be updated; see http://releases.k8s.io/HEAD/docs/user-guide/identifiers.md#names"`
|
|
||||||
|
|
||||||
// Namespace defines the space within which name must be unique. An empty namespace is
|
|
||||||
// equivalent to the "default" namespace, but "default" is the canonical representation.
|
|
||||||
// Not all objects are required to be scoped to a namespace - the value of this field for
|
|
||||||
// those objects will be empty.
|
|
||||||
Namespace string `json:"namespace,omitempty" description:"namespace of the object; must be a DNS_LABEL; cannot be updated; see http://releases.k8s.io/HEAD/docs/user-guide/namespaces.md"`
|
|
||||||
|
|
||||||
ResourceVersion string `json:"resourceVersion,omitempty" description:"string that identifies the internal version of this object that can be used by clients to determine when objects have changed; populated by the system, read-only; value must be treated as opaque by clients and passed unmodified back to the server: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#concurrency-control-and-consistency"`
|
|
||||||
|
|
||||||
// TODO: replace map[string]string with labels.LabelSet type
|
|
||||||
Labels map[string]string `json:"labels,omitempty" description:"map of string keys and values that can be used to organize and categorize objects; may match selectors of replication controllers and services; see http://releases.k8s.io/HEAD/docs/user-guide/labels.md"`
|
|
||||||
|
|
||||||
// Annotations are unstructured key value data stored with a resource that may be set by
|
|
||||||
// external tooling. They are not queryable and should be preserved when modifying
|
|
||||||
// objects.
|
|
||||||
Annotations map[string]string `json:"annotations,omitempty" description:"map of string keys and values that can be used by external tooling to store and retrieve arbitrary metadata about objects; see http://releases.k8s.io/HEAD/docs/user-guide/annotations.md"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// Protocol defines network protocols supported for things like container ports.
|
|
||||||
type Protocol string
|
|
||||||
|
|
||||||
const (
|
|
||||||
// ProtocolTCP is the TCP protocol.
|
|
||||||
ProtocolTCP Protocol = "TCP"
|
|
||||||
// ProtocolUDP is the UDP protocol.
|
|
||||||
ProtocolUDP Protocol = "UDP"
|
|
||||||
)
|
|
||||||
|
|
||||||
const (
|
|
||||||
// NamespaceAll is the default argument to specify on a context when you want to list or filter resources across all namespaces
|
|
||||||
NamespaceAll string = ""
|
|
||||||
)
|
|
||||||
|
|
||||||
// Container represents a single container that is expected to be run on the host.
|
|
||||||
type Container struct {
|
|
||||||
// Required: This must be a DNS_LABEL. Each container in a pod must
|
|
||||||
// have a unique name.
|
|
||||||
Name string `json:"name" description:"name of the container; must be a DNS_LABEL and unique within the pod; cannot be updated"`
|
|
||||||
// Optional.
|
|
||||||
Image string `json:"image,omitempty" description:"Docker image name; see http://releases.k8s.io/HEAD/docs/user-guide/images.md"`
|
|
||||||
|
|
||||||
Ports []ContainerPort `json:"ports"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type ContainerPort struct {
|
|
||||||
Name string `json:"name"`
|
|
||||||
ContainerPort int32 `json:"containerPort"`
|
|
||||||
Protocol string `json:"protocol"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// Service is a named abstraction of software service (for example, mysql) consisting of local port
|
|
||||||
// (for example 3306) that the proxy listens on, and the selector that determines which pods
|
|
||||||
// will answer requests sent through the proxy.
|
|
||||||
type Service struct {
|
|
||||||
ObjectMeta `json:"metadata,omitempty" description:"standard object metadata; see http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata"`
|
|
||||||
|
|
||||||
// Spec defines the behavior of a service.
|
|
||||||
// http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#spec-and-status
|
|
||||||
Spec ServiceSpec `json:"spec,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// ServiceSpec describes the attributes that a user creates on a service.
|
|
||||||
type ServiceSpec struct {
|
|
||||||
// The list of ports that are exposed by this service.
|
|
||||||
// More info: http://releases.k8s.io/HEAD/docs/user-guide/services.md#virtual-ips-and-service-proxies
|
|
||||||
Ports []ServicePort `json:"ports"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// ServicePort contains information on service's port.
|
|
||||||
type ServicePort struct {
|
|
||||||
// The IP protocol for this port. Supports "TCP" and "UDP".
|
|
||||||
// Default is TCP.
|
|
||||||
Protocol Protocol `json:"protocol,omitempty"`
|
|
||||||
|
|
||||||
// The port that will be exposed by this service.
|
|
||||||
Port int32 `json:"port"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// ServiceList holds a list of services.
|
|
||||||
type ServiceList struct {
|
|
||||||
ListMeta `json:"metadata,omitempty" description:"standard list metadata; see http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata"`
|
|
||||||
|
|
||||||
Items []Service `json:"items" description:"list of services"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// Endpoints is a collection of endpoints that implement the actual service. Example:
|
|
||||||
// Name: "mysvc",
|
|
||||||
// Subsets: [
|
|
||||||
// {
|
|
||||||
// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
|
|
||||||
// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
|
|
||||||
// },
|
|
||||||
// {
|
|
||||||
// Addresses: [{"ip": "10.10.3.3"}],
|
|
||||||
// Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}]
|
|
||||||
// },
|
|
||||||
// ]
|
|
||||||
type Endpoints struct {
|
|
||||||
ObjectMeta `json:"metadata,omitempty" description:"standard object metadata; see http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata"`
|
|
||||||
|
|
||||||
// The set of all endpoints is the union of all subsets.
|
|
||||||
Subsets []EndpointSubset `json:"subsets" description:"sets of addresses and ports that comprise a service"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// EndpointSubset is a group of addresses with a common set of ports. The
|
|
||||||
// expanded set of endpoints is the Cartesian product of Addresses x Ports.
|
|
||||||
// For example, given:
|
|
||||||
// {
|
|
||||||
// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
|
|
||||||
// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
|
|
||||||
// }
|
|
||||||
// The resulting set of endpoints can be viewed as:
|
|
||||||
// a: [ 10.10.1.1:8675, 10.10.2.2:8675 ],
|
|
||||||
// b: [ 10.10.1.1:309, 10.10.2.2:309 ]
|
|
||||||
type EndpointSubset struct {
|
|
||||||
Addresses []EndpointAddress `json:"addresses,omitempty" description:"IP addresses which offer the related ports"`
|
|
||||||
Ports []EndpointPort `json:"ports,omitempty" description:"port numbers available on the related IP addresses"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// EndpointAddress is a tuple that describes single IP address.
|
|
||||||
type EndpointAddress struct {
|
|
||||||
// The IP of this endpoint.
|
|
||||||
// TODO: This should allow hostname or IP, see #4447.
|
|
||||||
IP string `json:"ip" description:"IP address of the endpoint"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// EndpointPort is a tuple that describes a single port.
|
|
||||||
type EndpointPort struct {
|
|
||||||
// The port number.
|
|
||||||
Port int `json:"port" description:"port number of the endpoint"`
|
|
||||||
|
|
||||||
// The IP protocol for this port.
|
|
||||||
Protocol Protocol `json:"protocol,omitempty" description:"protocol for this port; must be UDP or TCP; TCP if unspecified"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// EndpointsList is a list of endpoints.
|
|
||||||
type EndpointsList struct {
|
|
||||||
ListMeta `json:"metadata,omitempty" description:"standard list metadata; see http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata"`
|
|
||||||
|
|
||||||
Items []Endpoints `json:"items" description:"list of endpoints"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// NodeStatus is information about the current status of a node.
|
|
||||||
type NodeStatus struct {
|
|
||||||
// Queried from cloud provider, if available.
|
|
||||||
Addresses []NodeAddress `json:"addresses,omitempty" description:"list of addresses reachable to the node; see http://releases.k8s.io/HEAD/docs/admin/node.md#node-addresses" patchStrategy:"merge" patchMergeKey:"type"`
|
|
||||||
// Endpoints of daemons running on the Node.
|
|
||||||
DaemonEndpoints NodeDaemonEndpoints `json:"daemonEndpoints,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// NodeDaemonEndpoints lists ports opened by daemons running on the Node.
|
|
||||||
type NodeDaemonEndpoints struct {
|
|
||||||
// Endpoint on which Kubelet is listening.
|
|
||||||
KubeletEndpoint DaemonEndpoint `json:"kubeletEndpoint,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// DaemonEndpoint contains information about a single Daemon endpoint.
|
|
||||||
type DaemonEndpoint struct {
|
|
||||||
/*
|
|
||||||
The port tag was not properly in quotes in earlier releases, so it must be
|
|
||||||
uppercased for backwards compat (since it was falling back to var name of
|
|
||||||
'Port').
|
|
||||||
*/
|
|
||||||
|
|
||||||
// Port number of the given endpoint.
|
|
||||||
Port int32 `json:"Port"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// NodeAddressType can legally only have the values defined as constants below.
|
|
||||||
type NodeAddressType string
|
|
||||||
|
|
||||||
// These are valid address types of node. NodeLegacyHostIP is used to transit
|
|
||||||
// from out-dated HostIP field to NodeAddress.
|
|
||||||
const (
|
|
||||||
NodeLegacyHostIP NodeAddressType = "LegacyHostIP"
|
|
||||||
NodeHostName NodeAddressType = "Hostname"
|
|
||||||
NodeExternalIP NodeAddressType = "ExternalIP"
|
|
||||||
NodeInternalIP NodeAddressType = "InternalIP"
|
|
||||||
)
|
|
||||||
|
|
||||||
// NodeAddress defines the address of a node.
|
|
||||||
type NodeAddress struct {
|
|
||||||
Type NodeAddressType `json:"type" description:"node address type, one of Hostname, ExternalIP or InternalIP"`
|
|
||||||
Address string `json:"address" description:"the node address"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// Node is a worker node in Kubernetes, formerly known as minion.
|
|
||||||
// Each node will have a unique identifier in the cache (i.e. in etcd).
|
|
||||||
type Node struct {
|
|
||||||
ObjectMeta `json:"metadata,omitempty" description:"standard object metadata; see http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata"`
|
|
||||||
|
|
||||||
// Status describes the current status of a Node
|
|
||||||
Status NodeStatus `json:"status,omitempty" description:"most recently observed status of the node; populated by the system, read-only; http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#spec-and-status"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// NodeList is the whole list of all Nodes which have been registered with master.
|
|
||||||
type NodeList struct {
|
|
||||||
ListMeta `json:"metadata,omitempty" description:"standard list metadata; see http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata"`
|
|
||||||
|
|
||||||
Items []Node `json:"items" description:"list of nodes"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type Pod struct {
|
|
||||||
ObjectMeta `json:"metadata,omitempty" description:"standard object metadata; see http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata"`
|
|
||||||
PodStatus `json:"status,omitempty" description:"pod status object; see http://kubernetes.io/v1.1/docs/api-reference/v1/definitions.html#_v1_podstatus"`
|
|
||||||
PodSpec `json:"spec,omitempty" description:"pod spec object; see http://kubernetes.io/v1.1/docs/api-reference/v1/definitions.html#_v1_podspec"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type podEvent struct {
|
|
||||||
EventType EventType `json:"type"`
|
|
||||||
Pod *Pod `json:"object"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type PodList struct {
|
|
||||||
ListMeta `json:"metadata,omitempty" description:"standard list metadata; see http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata"`
|
|
||||||
|
|
||||||
Items []Pod `json:"items" description:"list of pods"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type PodStatus struct {
|
|
||||||
Phase string `json:"phase" description:"Current condition of the pod. More info: http://kubernetes.io/v1.1/docs/user-guide/pod-states.html#pod-phase"`
|
|
||||||
PodIP string `json:"podIP" description:"IP address allocated to the pod. Routable at least within the cluster. Empty if not yet allocated."`
|
|
||||||
Conditions []PodCondition `json:"conditions" description:"Current service state of pod."`
|
|
||||||
HostIP string `json:"hostIP,omitempty" description:"IP address of the host to which the pod is assigned. Empty if not yet scheduled."`
|
|
||||||
}
|
|
||||||
|
|
||||||
type PodSpec struct {
|
|
||||||
Containers []Container `json:"containers" description:"list of containers, see http://kubernetes.io/v1.1/docs/api-reference/v1/definitions.html#_v1_container"`
|
|
||||||
NodeName string `json:"nodeName,omitempty" description:"NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements."`
|
|
||||||
}
|
|
||||||
|
|
||||||
type PodCondition struct {
|
|
||||||
Type string `json:"type" description:"Type is the type of the condition. Currently only Ready."`
|
|
||||||
Status string `json:"status" description:"Status is the status of the condition. Can be True, False, Unknown."`
|
|
||||||
}
|
|
|
@ -252,6 +252,8 @@ func (d *Desc) MaybeEvict() bool {
|
||||||
panic("ChunkLastTime not populated for evicted chunk")
|
panic("ChunkLastTime not populated for evicted chunk")
|
||||||
}
|
}
|
||||||
d.C = nil
|
d.C = nil
|
||||||
|
Ops.WithLabelValues(Evict).Inc()
|
||||||
|
atomic.AddInt64(&NumMemChunks, -1)
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -26,7 +26,8 @@ import (
|
||||||
// Storage ingests and manages samples, along with various indexes. All methods
|
// Storage ingests and manages samples, along with various indexes. All methods
|
||||||
// are goroutine-safe. Storage implements storage.SampleAppender.
|
// are goroutine-safe. Storage implements storage.SampleAppender.
|
||||||
type Storage interface {
|
type Storage interface {
|
||||||
Querier
|
// Querier returns a new Querier on the storage.
|
||||||
|
Querier() (Querier, error)
|
||||||
|
|
||||||
// This SampleAppender needs multiple samples for the same fingerprint to be
|
// This SampleAppender needs multiple samples for the same fingerprint to be
|
||||||
// submitted in chronological order, from oldest to newest. When Append has
|
// submitted in chronological order, from oldest to newest. When Append has
|
||||||
|
@ -57,6 +58,9 @@ type Storage interface {
|
||||||
|
|
||||||
// Querier allows querying a time series storage.
|
// Querier allows querying a time series storage.
|
||||||
type Querier interface {
|
type Querier interface {
|
||||||
|
// Close closes the querier. Behavior for subsequent calls to Querier methods
|
||||||
|
// is undefined.
|
||||||
|
Close() error
|
||||||
// QueryRange returns a list of series iterators for the selected
|
// QueryRange returns a list of series iterators for the selected
|
||||||
// time range and label matchers. The iterators need to be closed
|
// time range and label matchers. The iterators need to be closed
|
||||||
// after usage.
|
// after usage.
|
||||||
|
|
|
@ -40,23 +40,35 @@ func (s *NoopStorage) Stop() error {
|
||||||
func (s *NoopStorage) WaitForIndexing() {
|
func (s *NoopStorage) WaitForIndexing() {
|
||||||
}
|
}
|
||||||
|
|
||||||
// LastSampleForLabelMatchers implements Storage.
|
// Querier implements Storage.
|
||||||
func (s *NoopStorage) LastSampleForLabelMatchers(ctx context.Context, cutoff model.Time, matcherSets ...metric.LabelMatchers) (model.Vector, error) {
|
func (s *NoopStorage) Querier() (Querier, error) {
|
||||||
|
return &NoopQuerier{}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
type NoopQuerier struct{}
|
||||||
|
|
||||||
|
// Close implements Querier.
|
||||||
|
func (s *NoopQuerier) Close() error {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// LastSampleForLabelMatchers implements Querier.
|
||||||
|
func (s *NoopQuerier) LastSampleForLabelMatchers(ctx context.Context, cutoff model.Time, matcherSets ...metric.LabelMatchers) (model.Vector, error) {
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// QueryRange implements Storage.
|
// QueryRange implements Querier
|
||||||
func (s *NoopStorage) QueryRange(ctx context.Context, from, through model.Time, matchers ...*metric.LabelMatcher) ([]SeriesIterator, error) {
|
func (s *NoopQuerier) QueryRange(ctx context.Context, from, through model.Time, matchers ...*metric.LabelMatcher) ([]SeriesIterator, error) {
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// QueryInstant implements Storage.
|
// QueryInstant implements Querier.
|
||||||
func (s *NoopStorage) QueryInstant(ctx context.Context, ts model.Time, stalenessDelta time.Duration, matchers ...*metric.LabelMatcher) ([]SeriesIterator, error) {
|
func (s *NoopQuerier) QueryInstant(ctx context.Context, ts model.Time, stalenessDelta time.Duration, matchers ...*metric.LabelMatcher) ([]SeriesIterator, error) {
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// MetricsForLabelMatchers implements Storage.
|
// MetricsForLabelMatchers implements Querier.
|
||||||
func (s *NoopStorage) MetricsForLabelMatchers(
|
func (s *NoopQuerier) MetricsForLabelMatchers(
|
||||||
ctx context.Context,
|
ctx context.Context,
|
||||||
from, through model.Time,
|
from, through model.Time,
|
||||||
matcherSets ...metric.LabelMatchers,
|
matcherSets ...metric.LabelMatchers,
|
||||||
|
@ -64,8 +76,8 @@ func (s *NoopStorage) MetricsForLabelMatchers(
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// LabelValuesForLabelName implements Storage.
|
// LabelValuesForLabelName implements Querier.
|
||||||
func (s *NoopStorage) LabelValuesForLabelName(ctx context.Context, labelName model.LabelName) (model.LabelValues, error) {
|
func (s *NoopQuerier) LabelValuesForLabelName(ctx context.Context, labelName model.LabelName) (model.LabelValues, error) {
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -403,6 +403,19 @@ func (s *MemorySeriesStorage) Stop() error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type memorySeriesStorageQuerier struct {
|
||||||
|
*MemorySeriesStorage
|
||||||
|
}
|
||||||
|
|
||||||
|
func (memorySeriesStorageQuerier) Close() error {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Querier implements the storage interface.
|
||||||
|
func (s *MemorySeriesStorage) Querier() (Querier, error) {
|
||||||
|
return memorySeriesStorageQuerier{s}, nil
|
||||||
|
}
|
||||||
|
|
||||||
// WaitForIndexing implements Storage.
|
// WaitForIndexing implements Storage.
|
||||||
func (s *MemorySeriesStorage) WaitForIndexing() {
|
func (s *MemorySeriesStorage) WaitForIndexing() {
|
||||||
s.persistence.waitForIndexing()
|
s.persistence.waitForIndexing()
|
||||||
|
|
|
@ -20,6 +20,7 @@ import (
|
||||||
"math/rand"
|
"math/rand"
|
||||||
"os"
|
"os"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
"sync/atomic"
|
||||||
"testing"
|
"testing"
|
||||||
"testing/quick"
|
"testing/quick"
|
||||||
"time"
|
"time"
|
||||||
|
@ -1412,6 +1413,10 @@ func testEvictAndLoadChunkDescs(t *testing.T, encoding chunk.Encoding) {
|
||||||
Value: model.SampleValue(3.14),
|
Value: model.SampleValue(3.14),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Sadly, chunk.NumMemChunks is a global variable. We have to reset it
|
||||||
|
// explicitly here.
|
||||||
|
atomic.StoreInt64(&chunk.NumMemChunks, 0)
|
||||||
|
|
||||||
s, closer := NewTestStorage(t, encoding)
|
s, closer := NewTestStorage(t, encoding)
|
||||||
defer closer.Close()
|
defer closer.Close()
|
||||||
|
|
||||||
|
@ -1441,6 +1446,9 @@ func testEvictAndLoadChunkDescs(t *testing.T, encoding chunk.Encoding) {
|
||||||
if oldLen <= len(series.chunkDescs) {
|
if oldLen <= len(series.chunkDescs) {
|
||||||
t.Errorf("Expected number of chunkDescs to decrease, old number %d, current number %d.", oldLen, len(series.chunkDescs))
|
t.Errorf("Expected number of chunkDescs to decrease, old number %d, current number %d.", oldLen, len(series.chunkDescs))
|
||||||
}
|
}
|
||||||
|
if int64(len(series.chunkDescs)) < atomic.LoadInt64(&chunk.NumMemChunks) {
|
||||||
|
t.Errorf("NumMemChunks is larger than number of chunk descs, number of chunk descs: %d, NumMemChunks: %d.", len(series.chunkDescs), atomic.LoadInt64(&chunk.NumMemChunks))
|
||||||
|
}
|
||||||
|
|
||||||
// Load everything back.
|
// Load everything back.
|
||||||
it := s.preloadChunksForRange(makeFingerprintSeriesPair(s, fp), 0, 100000)
|
it := s.preloadChunksForRange(makeFingerprintSeriesPair(s, fp), 0, 100000)
|
||||||
|
|
202
vendor/cloud.google.com/go/LICENSE
generated
vendored
Normal file
202
vendor/cloud.google.com/go/LICENSE
generated
vendored
Normal file
|
@ -0,0 +1,202 @@
|
||||||
|
|
||||||
|
Apache License
|
||||||
|
Version 2.0, January 2004
|
||||||
|
http://www.apache.org/licenses/
|
||||||
|
|
||||||
|
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||||
|
|
||||||
|
1. Definitions.
|
||||||
|
|
||||||
|
"License" shall mean the terms and conditions for use, reproduction,
|
||||||
|
and distribution as defined by Sections 1 through 9 of this document.
|
||||||
|
|
||||||
|
"Licensor" shall mean the copyright owner or entity authorized by
|
||||||
|
the copyright owner that is granting the License.
|
||||||
|
|
||||||
|
"Legal Entity" shall mean the union of the acting entity and all
|
||||||
|
other entities that control, are controlled by, or are under common
|
||||||
|
control with that entity. For the purposes of this definition,
|
||||||
|
"control" means (i) the power, direct or indirect, to cause the
|
||||||
|
direction or management of such entity, whether by contract or
|
||||||
|
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||||
|
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||||
|
|
||||||
|
"You" (or "Your") shall mean an individual or Legal Entity
|
||||||
|
exercising permissions granted by this License.
|
||||||
|
|
||||||
|
"Source" form shall mean the preferred form for making modifications,
|
||||||
|
including but not limited to software source code, documentation
|
||||||
|
source, and configuration files.
|
||||||
|
|
||||||
|
"Object" form shall mean any form resulting from mechanical
|
||||||
|
transformation or translation of a Source form, including but
|
||||||
|
not limited to compiled object code, generated documentation,
|
||||||
|
and conversions to other media types.
|
||||||
|
|
||||||
|
"Work" shall mean the work of authorship, whether in Source or
|
||||||
|
Object form, made available under the License, as indicated by a
|
||||||
|
copyright notice that is included in or attached to the work
|
||||||
|
(an example is provided in the Appendix below).
|
||||||
|
|
||||||
|
"Derivative Works" shall mean any work, whether in Source or Object
|
||||||
|
form, that is based on (or derived from) the Work and for which the
|
||||||
|
editorial revisions, annotations, elaborations, or other modifications
|
||||||
|
represent, as a whole, an original work of authorship. For the purposes
|
||||||
|
of this License, Derivative Works shall not include works that remain
|
||||||
|
separable from, or merely link (or bind by name) to the interfaces of,
|
||||||
|
the Work and Derivative Works thereof.
|
||||||
|
|
||||||
|
"Contribution" shall mean any work of authorship, including
|
||||||
|
the original version of the Work and any modifications or additions
|
||||||
|
to that Work or Derivative Works thereof, that is intentionally
|
||||||
|
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||||
|
or by an individual or Legal Entity authorized to submit on behalf of
|
||||||
|
the copyright owner. For the purposes of this definition, "submitted"
|
||||||
|
means any form of electronic, verbal, or written communication sent
|
||||||
|
to the Licensor or its representatives, including but not limited to
|
||||||
|
communication on electronic mailing lists, source code control systems,
|
||||||
|
and issue tracking systems that are managed by, or on behalf of, the
|
||||||
|
Licensor for the purpose of discussing and improving the Work, but
|
||||||
|
excluding communication that is conspicuously marked or otherwise
|
||||||
|
designated in writing by the copyright owner as "Not a Contribution."
|
||||||
|
|
||||||
|
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||||
|
on behalf of whom a Contribution has been received by Licensor and
|
||||||
|
subsequently incorporated within the Work.
|
||||||
|
|
||||||
|
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||||
|
this License, each Contributor hereby grants to You a perpetual,
|
||||||
|
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||||
|
copyright license to reproduce, prepare Derivative Works of,
|
||||||
|
publicly display, publicly perform, sublicense, and distribute the
|
||||||
|
Work and such Derivative Works in Source or Object form.
|
||||||
|
|
||||||
|
3. Grant of Patent License. Subject to the terms and conditions of
|
||||||
|
this License, each Contributor hereby grants to You a perpetual,
|
||||||
|
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||||
|
(except as stated in this section) patent license to make, have made,
|
||||||
|
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||||
|
where such license applies only to those patent claims licensable
|
||||||
|
by such Contributor that are necessarily infringed by their
|
||||||
|
Contribution(s) alone or by combination of their Contribution(s)
|
||||||
|
with the Work to which such Contribution(s) was submitted. If You
|
||||||
|
institute patent litigation against any entity (including a
|
||||||
|
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||||
|
or a Contribution incorporated within the Work constitutes direct
|
||||||
|
or contributory patent infringement, then any patent licenses
|
||||||
|
granted to You under this License for that Work shall terminate
|
||||||
|
as of the date such litigation is filed.
|
||||||
|
|
||||||
|
4. Redistribution. You may reproduce and distribute copies of the
|
||||||
|
Work or Derivative Works thereof in any medium, with or without
|
||||||
|
modifications, and in Source or Object form, provided that You
|
||||||
|
meet the following conditions:
|
||||||
|
|
||||||
|
(a) You must give any other recipients of the Work or
|
||||||
|
Derivative Works a copy of this License; and
|
||||||
|
|
||||||
|
(b) You must cause any modified files to carry prominent notices
|
||||||
|
stating that You changed the files; and
|
||||||
|
|
||||||
|
(c) You must retain, in the Source form of any Derivative Works
|
||||||
|
that You distribute, all copyright, patent, trademark, and
|
||||||
|
attribution notices from the Source form of the Work,
|
||||||
|
excluding those notices that do not pertain to any part of
|
||||||
|
the Derivative Works; and
|
||||||
|
|
||||||
|
(d) If the Work includes a "NOTICE" text file as part of its
|
||||||
|
distribution, then any Derivative Works that You distribute must
|
||||||
|
include a readable copy of the attribution notices contained
|
||||||
|
within such NOTICE file, excluding those notices that do not
|
||||||
|
pertain to any part of the Derivative Works, in at least one
|
||||||
|
of the following places: within a NOTICE text file distributed
|
||||||
|
as part of the Derivative Works; within the Source form or
|
||||||
|
documentation, if provided along with the Derivative Works; or,
|
||||||
|
within a display generated by the Derivative Works, if and
|
||||||
|
wherever such third-party notices normally appear. The contents
|
||||||
|
of the NOTICE file are for informational purposes only and
|
||||||
|
do not modify the License. You may add Your own attribution
|
||||||
|
notices within Derivative Works that You distribute, alongside
|
||||||
|
or as an addendum to the NOTICE text from the Work, provided
|
||||||
|
that such additional attribution notices cannot be construed
|
||||||
|
as modifying the License.
|
||||||
|
|
||||||
|
You may add Your own copyright statement to Your modifications and
|
||||||
|
may provide additional or different license terms and conditions
|
||||||
|
for use, reproduction, or distribution of Your modifications, or
|
||||||
|
for any such Derivative Works as a whole, provided Your use,
|
||||||
|
reproduction, and distribution of the Work otherwise complies with
|
||||||
|
the conditions stated in this License.
|
||||||
|
|
||||||
|
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||||
|
any Contribution intentionally submitted for inclusion in the Work
|
||||||
|
by You to the Licensor shall be under the terms and conditions of
|
||||||
|
this License, without any additional terms or conditions.
|
||||||
|
Notwithstanding the above, nothing herein shall supersede or modify
|
||||||
|
the terms of any separate license agreement you may have executed
|
||||||
|
with Licensor regarding such Contributions.
|
||||||
|
|
||||||
|
6. Trademarks. This License does not grant permission to use the trade
|
||||||
|
names, trademarks, service marks, or product names of the Licensor,
|
||||||
|
except as required for reasonable and customary use in describing the
|
||||||
|
origin of the Work and reproducing the content of the NOTICE file.
|
||||||
|
|
||||||
|
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||||
|
agreed to in writing, Licensor provides the Work (and each
|
||||||
|
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||||
|
implied, including, without limitation, any warranties or conditions
|
||||||
|
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||||
|
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||||
|
appropriateness of using or redistributing the Work and assume any
|
||||||
|
risks associated with Your exercise of permissions under this License.
|
||||||
|
|
||||||
|
8. Limitation of Liability. In no event and under no legal theory,
|
||||||
|
whether in tort (including negligence), contract, or otherwise,
|
||||||
|
unless required by applicable law (such as deliberate and grossly
|
||||||
|
negligent acts) or agreed to in writing, shall any Contributor be
|
||||||
|
liable to You for damages, including any direct, indirect, special,
|
||||||
|
incidental, or consequential damages of any character arising as a
|
||||||
|
result of this License or out of the use or inability to use the
|
||||||
|
Work (including but not limited to damages for loss of goodwill,
|
||||||
|
work stoppage, computer failure or malfunction, or any and all
|
||||||
|
other commercial damages or losses), even if such Contributor
|
||||||
|
has been advised of the possibility of such damages.
|
||||||
|
|
||||||
|
9. Accepting Warranty or Additional Liability. While redistributing
|
||||||
|
the Work or Derivative Works thereof, You may choose to offer,
|
||||||
|
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||||
|
or other liability obligations and/or rights consistent with this
|
||||||
|
License. However, in accepting such obligations, You may act only
|
||||||
|
on Your own behalf and on Your sole responsibility, not on behalf
|
||||||
|
of any other Contributor, and only if You agree to indemnify,
|
||||||
|
defend, and hold each Contributor harmless for any liability
|
||||||
|
incurred by, or claims asserted against, such Contributor by reason
|
||||||
|
of your accepting any such warranty or additional liability.
|
||||||
|
|
||||||
|
END OF TERMS AND CONDITIONS
|
||||||
|
|
||||||
|
APPENDIX: How to apply the Apache License to your work.
|
||||||
|
|
||||||
|
To apply the Apache License to your work, attach the following
|
||||||
|
boilerplate notice, with the fields enclosed by brackets "[]"
|
||||||
|
replaced with your own identifying information. (Don't include
|
||||||
|
the brackets!) The text should be enclosed in the appropriate
|
||||||
|
comment syntax for the file format. We also recommend that a
|
||||||
|
file or class name and description of purpose be included on the
|
||||||
|
same "printed page" as the copyright notice for easier
|
||||||
|
identification within third-party archives.
|
||||||
|
|
||||||
|
Copyright 2014 Google Inc.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
438
vendor/cloud.google.com/go/compute/metadata/metadata.go
generated
vendored
Normal file
438
vendor/cloud.google.com/go/compute/metadata/metadata.go
generated
vendored
Normal file
|
@ -0,0 +1,438 @@
|
||||||
|
// Copyright 2014 Google Inc. All Rights Reserved.
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
// Package metadata provides access to Google Compute Engine (GCE)
|
||||||
|
// metadata and API service accounts.
|
||||||
|
//
|
||||||
|
// This package is a wrapper around the GCE metadata service,
|
||||||
|
// as documented at https://developers.google.com/compute/docs/metadata.
|
||||||
|
package metadata
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/json"
|
||||||
|
"fmt"
|
||||||
|
"io/ioutil"
|
||||||
|
"net"
|
||||||
|
"net/http"
|
||||||
|
"net/url"
|
||||||
|
"os"
|
||||||
|
"runtime"
|
||||||
|
"strings"
|
||||||
|
"sync"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"golang.org/x/net/context"
|
||||||
|
"golang.org/x/net/context/ctxhttp"
|
||||||
|
|
||||||
|
"cloud.google.com/go/internal"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
// metadataIP is the documented metadata server IP address.
|
||||||
|
metadataIP = "169.254.169.254"
|
||||||
|
|
||||||
|
// metadataHostEnv is the environment variable specifying the
|
||||||
|
// GCE metadata hostname. If empty, the default value of
|
||||||
|
// metadataIP ("169.254.169.254") is used instead.
|
||||||
|
// This is variable name is not defined by any spec, as far as
|
||||||
|
// I know; it was made up for the Go package.
|
||||||
|
metadataHostEnv = "GCE_METADATA_HOST"
|
||||||
|
)
|
||||||
|
|
||||||
|
type cachedValue struct {
|
||||||
|
k string
|
||||||
|
trim bool
|
||||||
|
mu sync.Mutex
|
||||||
|
v string
|
||||||
|
}
|
||||||
|
|
||||||
|
var (
|
||||||
|
projID = &cachedValue{k: "project/project-id", trim: true}
|
||||||
|
projNum = &cachedValue{k: "project/numeric-project-id", trim: true}
|
||||||
|
instID = &cachedValue{k: "instance/id", trim: true}
|
||||||
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
metaClient = &http.Client{
|
||||||
|
Transport: &internal.Transport{
|
||||||
|
Base: &http.Transport{
|
||||||
|
Dial: (&net.Dialer{
|
||||||
|
Timeout: 2 * time.Second,
|
||||||
|
KeepAlive: 30 * time.Second,
|
||||||
|
}).Dial,
|
||||||
|
ResponseHeaderTimeout: 2 * time.Second,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
subscribeClient = &http.Client{
|
||||||
|
Transport: &internal.Transport{
|
||||||
|
Base: &http.Transport{
|
||||||
|
Dial: (&net.Dialer{
|
||||||
|
Timeout: 2 * time.Second,
|
||||||
|
KeepAlive: 30 * time.Second,
|
||||||
|
}).Dial,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
// NotDefinedError is returned when requested metadata is not defined.
|
||||||
|
//
|
||||||
|
// The underlying string is the suffix after "/computeMetadata/v1/".
|
||||||
|
//
|
||||||
|
// This error is not returned if the value is defined to be the empty
|
||||||
|
// string.
|
||||||
|
type NotDefinedError string
|
||||||
|
|
||||||
|
func (suffix NotDefinedError) Error() string {
|
||||||
|
return fmt.Sprintf("metadata: GCE metadata %q not defined", string(suffix))
|
||||||
|
}
|
||||||
|
|
||||||
|
// Get returns a value from the metadata service.
|
||||||
|
// The suffix is appended to "http://${GCE_METADATA_HOST}/computeMetadata/v1/".
|
||||||
|
//
|
||||||
|
// If the GCE_METADATA_HOST environment variable is not defined, a default of
|
||||||
|
// 169.254.169.254 will be used instead.
|
||||||
|
//
|
||||||
|
// If the requested metadata is not defined, the returned error will
|
||||||
|
// be of type NotDefinedError.
|
||||||
|
func Get(suffix string) (string, error) {
|
||||||
|
val, _, err := getETag(metaClient, suffix)
|
||||||
|
return val, err
|
||||||
|
}
|
||||||
|
|
||||||
|
// getETag returns a value from the metadata service as well as the associated
|
||||||
|
// ETag using the provided client. This func is otherwise equivalent to Get.
|
||||||
|
func getETag(client *http.Client, suffix string) (value, etag string, err error) {
|
||||||
|
// Using a fixed IP makes it very difficult to spoof the metadata service in
|
||||||
|
// a container, which is an important use-case for local testing of cloud
|
||||||
|
// deployments. To enable spoofing of the metadata service, the environment
|
||||||
|
// variable GCE_METADATA_HOST is first inspected to decide where metadata
|
||||||
|
// requests shall go.
|
||||||
|
host := os.Getenv(metadataHostEnv)
|
||||||
|
if host == "" {
|
||||||
|
// Using 169.254.169.254 instead of "metadata" here because Go
|
||||||
|
// binaries built with the "netgo" tag and without cgo won't
|
||||||
|
// know the search suffix for "metadata" is
|
||||||
|
// ".google.internal", and this IP address is documented as
|
||||||
|
// being stable anyway.
|
||||||
|
host = metadataIP
|
||||||
|
}
|
||||||
|
url := "http://" + host + "/computeMetadata/v1/" + suffix
|
||||||
|
req, _ := http.NewRequest("GET", url, nil)
|
||||||
|
req.Header.Set("Metadata-Flavor", "Google")
|
||||||
|
res, err := client.Do(req)
|
||||||
|
if err != nil {
|
||||||
|
return "", "", err
|
||||||
|
}
|
||||||
|
defer res.Body.Close()
|
||||||
|
if res.StatusCode == http.StatusNotFound {
|
||||||
|
return "", "", NotDefinedError(suffix)
|
||||||
|
}
|
||||||
|
if res.StatusCode != 200 {
|
||||||
|
return "", "", fmt.Errorf("status code %d trying to fetch %s", res.StatusCode, url)
|
||||||
|
}
|
||||||
|
all, err := ioutil.ReadAll(res.Body)
|
||||||
|
if err != nil {
|
||||||
|
return "", "", err
|
||||||
|
}
|
||||||
|
return string(all), res.Header.Get("Etag"), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func getTrimmed(suffix string) (s string, err error) {
|
||||||
|
s, err = Get(suffix)
|
||||||
|
s = strings.TrimSpace(s)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *cachedValue) get() (v string, err error) {
|
||||||
|
defer c.mu.Unlock()
|
||||||
|
c.mu.Lock()
|
||||||
|
if c.v != "" {
|
||||||
|
return c.v, nil
|
||||||
|
}
|
||||||
|
if c.trim {
|
||||||
|
v, err = getTrimmed(c.k)
|
||||||
|
} else {
|
||||||
|
v, err = Get(c.k)
|
||||||
|
}
|
||||||
|
if err == nil {
|
||||||
|
c.v = v
|
||||||
|
}
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
var (
|
||||||
|
onGCEOnce sync.Once
|
||||||
|
onGCE bool
|
||||||
|
)
|
||||||
|
|
||||||
|
// OnGCE reports whether this process is running on Google Compute Engine.
|
||||||
|
func OnGCE() bool {
|
||||||
|
onGCEOnce.Do(initOnGCE)
|
||||||
|
return onGCE
|
||||||
|
}
|
||||||
|
|
||||||
|
func initOnGCE() {
|
||||||
|
onGCE = testOnGCE()
|
||||||
|
}
|
||||||
|
|
||||||
|
func testOnGCE() bool {
|
||||||
|
// The user explicitly said they're on GCE, so trust them.
|
||||||
|
if os.Getenv(metadataHostEnv) != "" {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
|
ctx, cancel := context.WithCancel(context.Background())
|
||||||
|
defer cancel()
|
||||||
|
|
||||||
|
resc := make(chan bool, 2)
|
||||||
|
|
||||||
|
// Try two strategies in parallel.
|
||||||
|
// See https://github.com/GoogleCloudPlatform/google-cloud-go/issues/194
|
||||||
|
go func() {
|
||||||
|
res, err := ctxhttp.Get(ctx, metaClient, "http://"+metadataIP)
|
||||||
|
if err != nil {
|
||||||
|
resc <- false
|
||||||
|
return
|
||||||
|
}
|
||||||
|
defer res.Body.Close()
|
||||||
|
resc <- res.Header.Get("Metadata-Flavor") == "Google"
|
||||||
|
}()
|
||||||
|
|
||||||
|
go func() {
|
||||||
|
addrs, err := net.LookupHost("metadata.google.internal")
|
||||||
|
if err != nil || len(addrs) == 0 {
|
||||||
|
resc <- false
|
||||||
|
return
|
||||||
|
}
|
||||||
|
resc <- strsContains(addrs, metadataIP)
|
||||||
|
}()
|
||||||
|
|
||||||
|
tryHarder := systemInfoSuggestsGCE()
|
||||||
|
if tryHarder {
|
||||||
|
res := <-resc
|
||||||
|
if res {
|
||||||
|
// The first strategy succeeded, so let's use it.
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
// Wait for either the DNS or metadata server probe to
|
||||||
|
// contradict the other one and say we are running on
|
||||||
|
// GCE. Give it a lot of time to do so, since the system
|
||||||
|
// info already suggests we're running on a GCE BIOS.
|
||||||
|
timer := time.NewTimer(5 * time.Second)
|
||||||
|
defer timer.Stop()
|
||||||
|
select {
|
||||||
|
case res = <-resc:
|
||||||
|
return res
|
||||||
|
case <-timer.C:
|
||||||
|
// Too slow. Who knows what this system is.
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// There's no hint from the system info that we're running on
|
||||||
|
// GCE, so use the first probe's result as truth, whether it's
|
||||||
|
// true or false. The goal here is to optimize for speed for
|
||||||
|
// users who are NOT running on GCE. We can't assume that
|
||||||
|
// either a DNS lookup or an HTTP request to a blackholed IP
|
||||||
|
// address is fast. Worst case this should return when the
|
||||||
|
// metaClient's Transport.ResponseHeaderTimeout or
|
||||||
|
// Transport.Dial.Timeout fires (in two seconds).
|
||||||
|
return <-resc
|
||||||
|
}
|
||||||
|
|
||||||
|
// systemInfoSuggestsGCE reports whether the local system (without
|
||||||
|
// doing network requests) suggests that we're running on GCE. If this
|
||||||
|
// returns true, testOnGCE tries a bit harder to reach its metadata
|
||||||
|
// server.
|
||||||
|
func systemInfoSuggestsGCE() bool {
|
||||||
|
if runtime.GOOS != "linux" {
|
||||||
|
// We don't have any non-Linux clues available, at least yet.
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
slurp, _ := ioutil.ReadFile("/sys/class/dmi/id/product_name")
|
||||||
|
name := strings.TrimSpace(string(slurp))
|
||||||
|
return name == "Google" || name == "Google Compute Engine"
|
||||||
|
}
|
||||||
|
|
||||||
|
// Subscribe subscribes to a value from the metadata service.
|
||||||
|
// The suffix is appended to "http://${GCE_METADATA_HOST}/computeMetadata/v1/".
|
||||||
|
// The suffix may contain query parameters.
|
||||||
|
//
|
||||||
|
// Subscribe calls fn with the latest metadata value indicated by the provided
|
||||||
|
// suffix. If the metadata value is deleted, fn is called with the empty string
|
||||||
|
// and ok false. Subscribe blocks until fn returns a non-nil error or the value
|
||||||
|
// is deleted. Subscribe returns the error value returned from the last call to
|
||||||
|
// fn, which may be nil when ok == false.
|
||||||
|
func Subscribe(suffix string, fn func(v string, ok bool) error) error {
|
||||||
|
const failedSubscribeSleep = time.Second * 5
|
||||||
|
|
||||||
|
// First check to see if the metadata value exists at all.
|
||||||
|
val, lastETag, err := getETag(subscribeClient, suffix)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := fn(val, true); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
ok := true
|
||||||
|
if strings.ContainsRune(suffix, '?') {
|
||||||
|
suffix += "&wait_for_change=true&last_etag="
|
||||||
|
} else {
|
||||||
|
suffix += "?wait_for_change=true&last_etag="
|
||||||
|
}
|
||||||
|
for {
|
||||||
|
val, etag, err := getETag(subscribeClient, suffix+url.QueryEscape(lastETag))
|
||||||
|
if err != nil {
|
||||||
|
if _, deleted := err.(NotDefinedError); !deleted {
|
||||||
|
time.Sleep(failedSubscribeSleep)
|
||||||
|
continue // Retry on other errors.
|
||||||
|
}
|
||||||
|
ok = false
|
||||||
|
}
|
||||||
|
lastETag = etag
|
||||||
|
|
||||||
|
if err := fn(val, ok); err != nil || !ok {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// ProjectID returns the current instance's project ID string.
|
||||||
|
func ProjectID() (string, error) { return projID.get() }
|
||||||
|
|
||||||
|
// NumericProjectID returns the current instance's numeric project ID.
|
||||||
|
func NumericProjectID() (string, error) { return projNum.get() }
|
||||||
|
|
||||||
|
// InternalIP returns the instance's primary internal IP address.
|
||||||
|
func InternalIP() (string, error) {
|
||||||
|
return getTrimmed("instance/network-interfaces/0/ip")
|
||||||
|
}
|
||||||
|
|
||||||
|
// ExternalIP returns the instance's primary external (public) IP address.
|
||||||
|
func ExternalIP() (string, error) {
|
||||||
|
return getTrimmed("instance/network-interfaces/0/access-configs/0/external-ip")
|
||||||
|
}
|
||||||
|
|
||||||
|
// Hostname returns the instance's hostname. This will be of the form
|
||||||
|
// "<instanceID>.c.<projID>.internal".
|
||||||
|
func Hostname() (string, error) {
|
||||||
|
return getTrimmed("instance/hostname")
|
||||||
|
}
|
||||||
|
|
||||||
|
// InstanceTags returns the list of user-defined instance tags,
|
||||||
|
// assigned when initially creating a GCE instance.
|
||||||
|
func InstanceTags() ([]string, error) {
|
||||||
|
var s []string
|
||||||
|
j, err := Get("instance/tags")
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
if err := json.NewDecoder(strings.NewReader(j)).Decode(&s); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return s, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// InstanceID returns the current VM's numeric instance ID.
|
||||||
|
func InstanceID() (string, error) {
|
||||||
|
return instID.get()
|
||||||
|
}
|
||||||
|
|
||||||
|
// InstanceName returns the current VM's instance ID string.
|
||||||
|
func InstanceName() (string, error) {
|
||||||
|
host, err := Hostname()
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
return strings.Split(host, ".")[0], nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Zone returns the current VM's zone, such as "us-central1-b".
|
||||||
|
func Zone() (string, error) {
|
||||||
|
zone, err := getTrimmed("instance/zone")
|
||||||
|
// zone is of the form "projects/<projNum>/zones/<zoneName>".
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
return zone[strings.LastIndex(zone, "/")+1:], nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// InstanceAttributes returns the list of user-defined attributes,
|
||||||
|
// assigned when initially creating a GCE VM instance. The value of an
|
||||||
|
// attribute can be obtained with InstanceAttributeValue.
|
||||||
|
func InstanceAttributes() ([]string, error) { return lines("instance/attributes/") }
|
||||||
|
|
||||||
|
// ProjectAttributes returns the list of user-defined attributes
|
||||||
|
// applying to the project as a whole, not just this VM. The value of
|
||||||
|
// an attribute can be obtained with ProjectAttributeValue.
|
||||||
|
func ProjectAttributes() ([]string, error) { return lines("project/attributes/") }
|
||||||
|
|
||||||
|
func lines(suffix string) ([]string, error) {
|
||||||
|
j, err := Get(suffix)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
s := strings.Split(strings.TrimSpace(j), "\n")
|
||||||
|
for i := range s {
|
||||||
|
s[i] = strings.TrimSpace(s[i])
|
||||||
|
}
|
||||||
|
return s, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// InstanceAttributeValue returns the value of the provided VM
|
||||||
|
// instance attribute.
|
||||||
|
//
|
||||||
|
// If the requested attribute is not defined, the returned error will
|
||||||
|
// be of type NotDefinedError.
|
||||||
|
//
|
||||||
|
// InstanceAttributeValue may return ("", nil) if the attribute was
|
||||||
|
// defined to be the empty string.
|
||||||
|
func InstanceAttributeValue(attr string) (string, error) {
|
||||||
|
return Get("instance/attributes/" + attr)
|
||||||
|
}
|
||||||
|
|
||||||
|
// ProjectAttributeValue returns the value of the provided
|
||||||
|
// project attribute.
|
||||||
|
//
|
||||||
|
// If the requested attribute is not defined, the returned error will
|
||||||
|
// be of type NotDefinedError.
|
||||||
|
//
|
||||||
|
// ProjectAttributeValue may return ("", nil) if the attribute was
|
||||||
|
// defined to be the empty string.
|
||||||
|
func ProjectAttributeValue(attr string) (string, error) {
|
||||||
|
return Get("project/attributes/" + attr)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Scopes returns the service account scopes for the given account.
|
||||||
|
// The account may be empty or the string "default" to use the instance's
|
||||||
|
// main account.
|
||||||
|
func Scopes(serviceAccount string) ([]string, error) {
|
||||||
|
if serviceAccount == "" {
|
||||||
|
serviceAccount = "default"
|
||||||
|
}
|
||||||
|
return lines("instance/service-accounts/" + serviceAccount + "/scopes")
|
||||||
|
}
|
||||||
|
|
||||||
|
func strsContains(ss []string, s string) bool {
|
||||||
|
for _, v := range ss {
|
||||||
|
if v == s {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
64
vendor/cloud.google.com/go/internal/cloud.go
generated
vendored
Normal file
64
vendor/cloud.google.com/go/internal/cloud.go
generated
vendored
Normal file
|
@ -0,0 +1,64 @@
|
||||||
|
// Copyright 2014 Google Inc. All Rights Reserved.
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
// Package internal provides support for the cloud packages.
|
||||||
|
//
|
||||||
|
// Users should not import this package directly.
|
||||||
|
package internal
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"net/http"
|
||||||
|
)
|
||||||
|
|
||||||
|
const userAgent = "gcloud-golang/0.1"
|
||||||
|
|
||||||
|
// Transport is an http.RoundTripper that appends Google Cloud client's
|
||||||
|
// user-agent to the original request's user-agent header.
|
||||||
|
type Transport struct {
|
||||||
|
// TODO(bradfitz): delete internal.Transport. It's too wrappy for what it does.
|
||||||
|
// Do User-Agent some other way.
|
||||||
|
|
||||||
|
// Base is the actual http.RoundTripper
|
||||||
|
// requests will use. It must not be nil.
|
||||||
|
Base http.RoundTripper
|
||||||
|
}
|
||||||
|
|
||||||
|
// RoundTrip appends a user-agent to the existing user-agent
|
||||||
|
// header and delegates the request to the base http.RoundTripper.
|
||||||
|
func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error) {
|
||||||
|
req = cloneRequest(req)
|
||||||
|
ua := req.Header.Get("User-Agent")
|
||||||
|
if ua == "" {
|
||||||
|
ua = userAgent
|
||||||
|
} else {
|
||||||
|
ua = fmt.Sprintf("%s %s", ua, userAgent)
|
||||||
|
}
|
||||||
|
req.Header.Set("User-Agent", ua)
|
||||||
|
return t.Base.RoundTrip(req)
|
||||||
|
}
|
||||||
|
|
||||||
|
// cloneRequest returns a clone of the provided *http.Request.
|
||||||
|
// The clone is a shallow copy of the struct and its Header map.
|
||||||
|
func cloneRequest(r *http.Request) *http.Request {
|
||||||
|
// shallow copy of the struct
|
||||||
|
r2 := new(http.Request)
|
||||||
|
*r2 = *r
|
||||||
|
// deep copy of the Header
|
||||||
|
r2.Header = make(http.Header)
|
||||||
|
for k, s := range r.Header {
|
||||||
|
r2.Header[k] = s
|
||||||
|
}
|
||||||
|
return r2
|
||||||
|
}
|
12
vendor/github.com/PuerkitoBio/purell/LICENSE
generated
vendored
Normal file
12
vendor/github.com/PuerkitoBio/purell/LICENSE
generated
vendored
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
Copyright (c) 2012, Martin Angers
|
||||||
|
All rights reserved.
|
||||||
|
|
||||||
|
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
|
||||||
|
|
||||||
|
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
|
||||||
|
|
||||||
|
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
|
||||||
|
|
||||||
|
* Neither the name of the author nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
|
||||||
|
|
||||||
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
375
vendor/github.com/PuerkitoBio/purell/purell.go
generated
vendored
Normal file
375
vendor/github.com/PuerkitoBio/purell/purell.go
generated
vendored
Normal file
|
@ -0,0 +1,375 @@
|
||||||
|
/*
|
||||||
|
Package purell offers URL normalization as described on the wikipedia page:
|
||||||
|
http://en.wikipedia.org/wiki/URL_normalization
|
||||||
|
*/
|
||||||
|
package purell
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"fmt"
|
||||||
|
"net/url"
|
||||||
|
"regexp"
|
||||||
|
"sort"
|
||||||
|
"strconv"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"github.com/PuerkitoBio/urlesc"
|
||||||
|
"golang.org/x/net/idna"
|
||||||
|
"golang.org/x/text/secure/precis"
|
||||||
|
"golang.org/x/text/unicode/norm"
|
||||||
|
)
|
||||||
|
|
||||||
|
// A set of normalization flags determines how a URL will
|
||||||
|
// be normalized.
|
||||||
|
type NormalizationFlags uint
|
||||||
|
|
||||||
|
const (
|
||||||
|
// Safe normalizations
|
||||||
|
FlagLowercaseScheme NormalizationFlags = 1 << iota // HTTP://host -> http://host, applied by default in Go1.1
|
||||||
|
FlagLowercaseHost // http://HOST -> http://host
|
||||||
|
FlagUppercaseEscapes // http://host/t%ef -> http://host/t%EF
|
||||||
|
FlagDecodeUnnecessaryEscapes // http://host/t%41 -> http://host/tA
|
||||||
|
FlagEncodeNecessaryEscapes // http://host/!"#$ -> http://host/%21%22#$
|
||||||
|
FlagRemoveDefaultPort // http://host:80 -> http://host
|
||||||
|
FlagRemoveEmptyQuerySeparator // http://host/path? -> http://host/path
|
||||||
|
|
||||||
|
// Usually safe normalizations
|
||||||
|
FlagRemoveTrailingSlash // http://host/path/ -> http://host/path
|
||||||
|
FlagAddTrailingSlash // http://host/path -> http://host/path/ (should choose only one of these add/remove trailing slash flags)
|
||||||
|
FlagRemoveDotSegments // http://host/path/./a/b/../c -> http://host/path/a/c
|
||||||
|
|
||||||
|
// Unsafe normalizations
|
||||||
|
FlagRemoveDirectoryIndex // http://host/path/index.html -> http://host/path/
|
||||||
|
FlagRemoveFragment // http://host/path#fragment -> http://host/path
|
||||||
|
FlagForceHTTP // https://host -> http://host
|
||||||
|
FlagRemoveDuplicateSlashes // http://host/path//a///b -> http://host/path/a/b
|
||||||
|
FlagRemoveWWW // http://www.host/ -> http://host/
|
||||||
|
FlagAddWWW // http://host/ -> http://www.host/ (should choose only one of these add/remove WWW flags)
|
||||||
|
FlagSortQuery // http://host/path?c=3&b=2&a=1&b=1 -> http://host/path?a=1&b=1&b=2&c=3
|
||||||
|
|
||||||
|
// Normalizations not in the wikipedia article, required to cover tests cases
|
||||||
|
// submitted by jehiah
|
||||||
|
FlagDecodeDWORDHost // http://1113982867 -> http://66.102.7.147
|
||||||
|
FlagDecodeOctalHost // http://0102.0146.07.0223 -> http://66.102.7.147
|
||||||
|
FlagDecodeHexHost // http://0x42660793 -> http://66.102.7.147
|
||||||
|
FlagRemoveUnnecessaryHostDots // http://.host../path -> http://host/path
|
||||||
|
FlagRemoveEmptyPortSeparator // http://host:/path -> http://host/path
|
||||||
|
|
||||||
|
// Convenience set of safe normalizations
|
||||||
|
FlagsSafe NormalizationFlags = FlagLowercaseHost | FlagLowercaseScheme | FlagUppercaseEscapes | FlagDecodeUnnecessaryEscapes | FlagEncodeNecessaryEscapes | FlagRemoveDefaultPort | FlagRemoveEmptyQuerySeparator
|
||||||
|
|
||||||
|
// For convenience sets, "greedy" uses the "remove trailing slash" and "remove www. prefix" flags,
|
||||||
|
// while "non-greedy" uses the "add (or keep) the trailing slash" and "add www. prefix".
|
||||||
|
|
||||||
|
// Convenience set of usually safe normalizations (includes FlagsSafe)
|
||||||
|
FlagsUsuallySafeGreedy NormalizationFlags = FlagsSafe | FlagRemoveTrailingSlash | FlagRemoveDotSegments
|
||||||
|
FlagsUsuallySafeNonGreedy NormalizationFlags = FlagsSafe | FlagAddTrailingSlash | FlagRemoveDotSegments
|
||||||
|
|
||||||
|
// Convenience set of unsafe normalizations (includes FlagsUsuallySafe)
|
||||||
|
FlagsUnsafeGreedy NormalizationFlags = FlagsUsuallySafeGreedy | FlagRemoveDirectoryIndex | FlagRemoveFragment | FlagForceHTTP | FlagRemoveDuplicateSlashes | FlagRemoveWWW | FlagSortQuery
|
||||||
|
FlagsUnsafeNonGreedy NormalizationFlags = FlagsUsuallySafeNonGreedy | FlagRemoveDirectoryIndex | FlagRemoveFragment | FlagForceHTTP | FlagRemoveDuplicateSlashes | FlagAddWWW | FlagSortQuery
|
||||||
|
|
||||||
|
// Convenience set of all available flags
|
||||||
|
FlagsAllGreedy = FlagsUnsafeGreedy | FlagDecodeDWORDHost | FlagDecodeOctalHost | FlagDecodeHexHost | FlagRemoveUnnecessaryHostDots | FlagRemoveEmptyPortSeparator
|
||||||
|
FlagsAllNonGreedy = FlagsUnsafeNonGreedy | FlagDecodeDWORDHost | FlagDecodeOctalHost | FlagDecodeHexHost | FlagRemoveUnnecessaryHostDots | FlagRemoveEmptyPortSeparator
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
defaultHttpPort = ":80"
|
||||||
|
defaultHttpsPort = ":443"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Regular expressions used by the normalizations
|
||||||
|
var rxPort = regexp.MustCompile(`(:\d+)/?$`)
|
||||||
|
var rxDirIndex = regexp.MustCompile(`(^|/)((?:default|index)\.\w{1,4})$`)
|
||||||
|
var rxDupSlashes = regexp.MustCompile(`/{2,}`)
|
||||||
|
var rxDWORDHost = regexp.MustCompile(`^(\d+)((?:\.+)?(?:\:\d*)?)$`)
|
||||||
|
var rxOctalHost = regexp.MustCompile(`^(0\d*)\.(0\d*)\.(0\d*)\.(0\d*)((?:\.+)?(?:\:\d*)?)$`)
|
||||||
|
var rxHexHost = regexp.MustCompile(`^0x([0-9A-Fa-f]+)((?:\.+)?(?:\:\d*)?)$`)
|
||||||
|
var rxHostDots = regexp.MustCompile(`^(.+?)(:\d+)?$`)
|
||||||
|
var rxEmptyPort = regexp.MustCompile(`:+$`)
|
||||||
|
|
||||||
|
// Map of flags to implementation function.
|
||||||
|
// FlagDecodeUnnecessaryEscapes has no action, since it is done automatically
|
||||||
|
// by parsing the string as an URL. Same for FlagUppercaseEscapes and FlagRemoveEmptyQuerySeparator.
|
||||||
|
|
||||||
|
// Since maps have undefined traversing order, make a slice of ordered keys
|
||||||
|
var flagsOrder = []NormalizationFlags{
|
||||||
|
FlagLowercaseScheme,
|
||||||
|
FlagLowercaseHost,
|
||||||
|
FlagRemoveDefaultPort,
|
||||||
|
FlagRemoveDirectoryIndex,
|
||||||
|
FlagRemoveDotSegments,
|
||||||
|
FlagRemoveFragment,
|
||||||
|
FlagForceHTTP, // Must be after remove default port (because https=443/http=80)
|
||||||
|
FlagRemoveDuplicateSlashes,
|
||||||
|
FlagRemoveWWW,
|
||||||
|
FlagAddWWW,
|
||||||
|
FlagSortQuery,
|
||||||
|
FlagDecodeDWORDHost,
|
||||||
|
FlagDecodeOctalHost,
|
||||||
|
FlagDecodeHexHost,
|
||||||
|
FlagRemoveUnnecessaryHostDots,
|
||||||
|
FlagRemoveEmptyPortSeparator,
|
||||||
|
FlagRemoveTrailingSlash, // These two (add/remove trailing slash) must be last
|
||||||
|
FlagAddTrailingSlash,
|
||||||
|
}
|
||||||
|
|
||||||
|
// ... and then the map, where order is unimportant
|
||||||
|
var flags = map[NormalizationFlags]func(*url.URL){
|
||||||
|
FlagLowercaseScheme: lowercaseScheme,
|
||||||
|
FlagLowercaseHost: lowercaseHost,
|
||||||
|
FlagRemoveDefaultPort: removeDefaultPort,
|
||||||
|
FlagRemoveDirectoryIndex: removeDirectoryIndex,
|
||||||
|
FlagRemoveDotSegments: removeDotSegments,
|
||||||
|
FlagRemoveFragment: removeFragment,
|
||||||
|
FlagForceHTTP: forceHTTP,
|
||||||
|
FlagRemoveDuplicateSlashes: removeDuplicateSlashes,
|
||||||
|
FlagRemoveWWW: removeWWW,
|
||||||
|
FlagAddWWW: addWWW,
|
||||||
|
FlagSortQuery: sortQuery,
|
||||||
|
FlagDecodeDWORDHost: decodeDWORDHost,
|
||||||
|
FlagDecodeOctalHost: decodeOctalHost,
|
||||||
|
FlagDecodeHexHost: decodeHexHost,
|
||||||
|
FlagRemoveUnnecessaryHostDots: removeUnncessaryHostDots,
|
||||||
|
FlagRemoveEmptyPortSeparator: removeEmptyPortSeparator,
|
||||||
|
FlagRemoveTrailingSlash: removeTrailingSlash,
|
||||||
|
FlagAddTrailingSlash: addTrailingSlash,
|
||||||
|
}
|
||||||
|
|
||||||
|
// MustNormalizeURLString returns the normalized string, and panics if an error occurs.
|
||||||
|
// It takes an URL string as input, as well as the normalization flags.
|
||||||
|
func MustNormalizeURLString(u string, f NormalizationFlags) string {
|
||||||
|
result, e := NormalizeURLString(u, f)
|
||||||
|
if e != nil {
|
||||||
|
panic(e)
|
||||||
|
}
|
||||||
|
return result
|
||||||
|
}
|
||||||
|
|
||||||
|
// NormalizeURLString returns the normalized string, or an error if it can't be parsed into an URL object.
|
||||||
|
// It takes an URL string as input, as well as the normalization flags.
|
||||||
|
func NormalizeURLString(u string, f NormalizationFlags) (string, error) {
|
||||||
|
if parsed, e := url.Parse(u); e != nil {
|
||||||
|
return "", e
|
||||||
|
} else {
|
||||||
|
options := make([]precis.Option, 1, 3)
|
||||||
|
options[0] = precis.IgnoreCase
|
||||||
|
if f&FlagLowercaseHost == FlagLowercaseHost {
|
||||||
|
options = append(options, precis.FoldCase())
|
||||||
|
}
|
||||||
|
options = append(options, precis.Norm(norm.NFC))
|
||||||
|
profile := precis.NewFreeform(options...)
|
||||||
|
if parsed.Host, e = idna.ToASCII(profile.NewTransformer().String(parsed.Host)); e != nil {
|
||||||
|
return "", e
|
||||||
|
}
|
||||||
|
return NormalizeURL(parsed, f), nil
|
||||||
|
}
|
||||||
|
panic("Unreachable code.")
|
||||||
|
}
|
||||||
|
|
||||||
|
// NormalizeURL returns the normalized string.
|
||||||
|
// It takes a parsed URL object as input, as well as the normalization flags.
|
||||||
|
func NormalizeURL(u *url.URL, f NormalizationFlags) string {
|
||||||
|
for _, k := range flagsOrder {
|
||||||
|
if f&k == k {
|
||||||
|
flags[k](u)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return urlesc.Escape(u)
|
||||||
|
}
|
||||||
|
|
||||||
|
func lowercaseScheme(u *url.URL) {
|
||||||
|
if len(u.Scheme) > 0 {
|
||||||
|
u.Scheme = strings.ToLower(u.Scheme)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func lowercaseHost(u *url.URL) {
|
||||||
|
if len(u.Host) > 0 {
|
||||||
|
u.Host = strings.ToLower(u.Host)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func removeDefaultPort(u *url.URL) {
|
||||||
|
if len(u.Host) > 0 {
|
||||||
|
scheme := strings.ToLower(u.Scheme)
|
||||||
|
u.Host = rxPort.ReplaceAllStringFunc(u.Host, func(val string) string {
|
||||||
|
if (scheme == "http" && val == defaultHttpPort) || (scheme == "https" && val == defaultHttpsPort) {
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
return val
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func removeTrailingSlash(u *url.URL) {
|
||||||
|
if l := len(u.Path); l > 0 {
|
||||||
|
if strings.HasSuffix(u.Path, "/") {
|
||||||
|
u.Path = u.Path[:l-1]
|
||||||
|
}
|
||||||
|
} else if l = len(u.Host); l > 0 {
|
||||||
|
if strings.HasSuffix(u.Host, "/") {
|
||||||
|
u.Host = u.Host[:l-1]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func addTrailingSlash(u *url.URL) {
|
||||||
|
if l := len(u.Path); l > 0 {
|
||||||
|
if !strings.HasSuffix(u.Path, "/") {
|
||||||
|
u.Path += "/"
|
||||||
|
}
|
||||||
|
} else if l = len(u.Host); l > 0 {
|
||||||
|
if !strings.HasSuffix(u.Host, "/") {
|
||||||
|
u.Host += "/"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func removeDotSegments(u *url.URL) {
|
||||||
|
if len(u.Path) > 0 {
|
||||||
|
var dotFree []string
|
||||||
|
var lastIsDot bool
|
||||||
|
|
||||||
|
sections := strings.Split(u.Path, "/")
|
||||||
|
for _, s := range sections {
|
||||||
|
if s == ".." {
|
||||||
|
if len(dotFree) > 0 {
|
||||||
|
dotFree = dotFree[:len(dotFree)-1]
|
||||||
|
}
|
||||||
|
} else if s != "." {
|
||||||
|
dotFree = append(dotFree, s)
|
||||||
|
}
|
||||||
|
lastIsDot = (s == "." || s == "..")
|
||||||
|
}
|
||||||
|
// Special case if host does not end with / and new path does not begin with /
|
||||||
|
u.Path = strings.Join(dotFree, "/")
|
||||||
|
if u.Host != "" && !strings.HasSuffix(u.Host, "/") && !strings.HasPrefix(u.Path, "/") {
|
||||||
|
u.Path = "/" + u.Path
|
||||||
|
}
|
||||||
|
// Special case if the last segment was a dot, make sure the path ends with a slash
|
||||||
|
if lastIsDot && !strings.HasSuffix(u.Path, "/") {
|
||||||
|
u.Path += "/"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func removeDirectoryIndex(u *url.URL) {
|
||||||
|
if len(u.Path) > 0 {
|
||||||
|
u.Path = rxDirIndex.ReplaceAllString(u.Path, "$1")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func removeFragment(u *url.URL) {
|
||||||
|
u.Fragment = ""
|
||||||
|
}
|
||||||
|
|
||||||
|
func forceHTTP(u *url.URL) {
|
||||||
|
if strings.ToLower(u.Scheme) == "https" {
|
||||||
|
u.Scheme = "http"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func removeDuplicateSlashes(u *url.URL) {
|
||||||
|
if len(u.Path) > 0 {
|
||||||
|
u.Path = rxDupSlashes.ReplaceAllString(u.Path, "/")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func removeWWW(u *url.URL) {
|
||||||
|
if len(u.Host) > 0 && strings.HasPrefix(strings.ToLower(u.Host), "www.") {
|
||||||
|
u.Host = u.Host[4:]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func addWWW(u *url.URL) {
|
||||||
|
if len(u.Host) > 0 && !strings.HasPrefix(strings.ToLower(u.Host), "www.") {
|
||||||
|
u.Host = "www." + u.Host
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func sortQuery(u *url.URL) {
|
||||||
|
q := u.Query()
|
||||||
|
|
||||||
|
if len(q) > 0 {
|
||||||
|
arKeys := make([]string, len(q))
|
||||||
|
i := 0
|
||||||
|
for k, _ := range q {
|
||||||
|
arKeys[i] = k
|
||||||
|
i++
|
||||||
|
}
|
||||||
|
sort.Strings(arKeys)
|
||||||
|
buf := new(bytes.Buffer)
|
||||||
|
for _, k := range arKeys {
|
||||||
|
sort.Strings(q[k])
|
||||||
|
for _, v := range q[k] {
|
||||||
|
if buf.Len() > 0 {
|
||||||
|
buf.WriteRune('&')
|
||||||
|
}
|
||||||
|
buf.WriteString(fmt.Sprintf("%s=%s", k, urlesc.QueryEscape(v)))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Rebuild the raw query string
|
||||||
|
u.RawQuery = buf.String()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func decodeDWORDHost(u *url.URL) {
|
||||||
|
if len(u.Host) > 0 {
|
||||||
|
if matches := rxDWORDHost.FindStringSubmatch(u.Host); len(matches) > 2 {
|
||||||
|
var parts [4]int64
|
||||||
|
|
||||||
|
dword, _ := strconv.ParseInt(matches[1], 10, 0)
|
||||||
|
for i, shift := range []uint{24, 16, 8, 0} {
|
||||||
|
parts[i] = dword >> shift & 0xFF
|
||||||
|
}
|
||||||
|
u.Host = fmt.Sprintf("%d.%d.%d.%d%s", parts[0], parts[1], parts[2], parts[3], matches[2])
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func decodeOctalHost(u *url.URL) {
|
||||||
|
if len(u.Host) > 0 {
|
||||||
|
if matches := rxOctalHost.FindStringSubmatch(u.Host); len(matches) > 5 {
|
||||||
|
var parts [4]int64
|
||||||
|
|
||||||
|
for i := 1; i <= 4; i++ {
|
||||||
|
parts[i-1], _ = strconv.ParseInt(matches[i], 8, 0)
|
||||||
|
}
|
||||||
|
u.Host = fmt.Sprintf("%d.%d.%d.%d%s", parts[0], parts[1], parts[2], parts[3], matches[5])
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func decodeHexHost(u *url.URL) {
|
||||||
|
if len(u.Host) > 0 {
|
||||||
|
if matches := rxHexHost.FindStringSubmatch(u.Host); len(matches) > 2 {
|
||||||
|
// Conversion is safe because of regex validation
|
||||||
|
parsed, _ := strconv.ParseInt(matches[1], 16, 0)
|
||||||
|
// Set host as DWORD (base 10) encoded host
|
||||||
|
u.Host = fmt.Sprintf("%d%s", parsed, matches[2])
|
||||||
|
// The rest is the same as decoding a DWORD host
|
||||||
|
decodeDWORDHost(u)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func removeUnncessaryHostDots(u *url.URL) {
|
||||||
|
if len(u.Host) > 0 {
|
||||||
|
if matches := rxHostDots.FindStringSubmatch(u.Host); len(matches) > 1 {
|
||||||
|
// Trim the leading and trailing dots
|
||||||
|
u.Host = strings.Trim(matches[1], ".")
|
||||||
|
if len(matches) > 2 {
|
||||||
|
u.Host += matches[2]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func removeEmptyPortSeparator(u *url.URL) {
|
||||||
|
if len(u.Host) > 0 {
|
||||||
|
u.Host = rxEmptyPort.ReplaceAllString(u.Host, "")
|
||||||
|
}
|
||||||
|
}
|
27
vendor/github.com/PuerkitoBio/urlesc/LICENSE
generated
vendored
Normal file
27
vendor/github.com/PuerkitoBio/urlesc/LICENSE
generated
vendored
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
Copyright (c) 2012 The Go Authors. All rights reserved.
|
||||||
|
|
||||||
|
Redistribution and use in source and binary forms, with or without
|
||||||
|
modification, are permitted provided that the following conditions are
|
||||||
|
met:
|
||||||
|
|
||||||
|
* Redistributions of source code must retain the above copyright
|
||||||
|
notice, this list of conditions and the following disclaimer.
|
||||||
|
* Redistributions in binary form must reproduce the above
|
||||||
|
copyright notice, this list of conditions and the following disclaimer
|
||||||
|
in the documentation and/or other materials provided with the
|
||||||
|
distribution.
|
||||||
|
* Neither the name of Google Inc. nor the names of its
|
||||||
|
contributors may be used to endorse or promote products derived from
|
||||||
|
this software without specific prior written permission.
|
||||||
|
|
||||||
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||||
|
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||||
|
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||||
|
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||||
|
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||||
|
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||||
|
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||||
|
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||||
|
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||||
|
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||||
|
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
180
vendor/github.com/PuerkitoBio/urlesc/urlesc.go
generated
vendored
Normal file
180
vendor/github.com/PuerkitoBio/urlesc/urlesc.go
generated
vendored
Normal file
|
@ -0,0 +1,180 @@
|
||||||
|
// Copyright 2009 The Go Authors. All rights reserved.
|
||||||
|
// Use of this source code is governed by a BSD-style
|
||||||
|
// license that can be found in the LICENSE file.
|
||||||
|
|
||||||
|
// Package urlesc implements query escaping as per RFC 3986.
|
||||||
|
// It contains some parts of the net/url package, modified so as to allow
|
||||||
|
// some reserved characters incorrectly escaped by net/url.
|
||||||
|
// See https://github.com/golang/go/issues/5684
|
||||||
|
package urlesc
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"net/url"
|
||||||
|
"strings"
|
||||||
|
)
|
||||||
|
|
||||||
|
type encoding int
|
||||||
|
|
||||||
|
const (
|
||||||
|
encodePath encoding = 1 + iota
|
||||||
|
encodeUserPassword
|
||||||
|
encodeQueryComponent
|
||||||
|
encodeFragment
|
||||||
|
)
|
||||||
|
|
||||||
|
// Return true if the specified character should be escaped when
|
||||||
|
// appearing in a URL string, according to RFC 3986.
|
||||||
|
func shouldEscape(c byte, mode encoding) bool {
|
||||||
|
// §2.3 Unreserved characters (alphanum)
|
||||||
|
if 'A' <= c && c <= 'Z' || 'a' <= c && c <= 'z' || '0' <= c && c <= '9' {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
switch c {
|
||||||
|
case '-', '.', '_', '~': // §2.3 Unreserved characters (mark)
|
||||||
|
return false
|
||||||
|
|
||||||
|
// §2.2 Reserved characters (reserved)
|
||||||
|
case ':', '/', '?', '#', '[', ']', '@', // gen-delims
|
||||||
|
'!', '$', '&', '\'', '(', ')', '*', '+', ',', ';', '=': // sub-delims
|
||||||
|
// Different sections of the URL allow a few of
|
||||||
|
// the reserved characters to appear unescaped.
|
||||||
|
switch mode {
|
||||||
|
case encodePath: // §3.3
|
||||||
|
// The RFC allows sub-delims and : @.
|
||||||
|
// '/', '[' and ']' can be used to assign meaning to individual path
|
||||||
|
// segments. This package only manipulates the path as a whole,
|
||||||
|
// so we allow those as well. That leaves only ? and # to escape.
|
||||||
|
return c == '?' || c == '#'
|
||||||
|
|
||||||
|
case encodeUserPassword: // §3.2.1
|
||||||
|
// The RFC allows : and sub-delims in
|
||||||
|
// userinfo. The parsing of userinfo treats ':' as special so we must escape
|
||||||
|
// all the gen-delims.
|
||||||
|
return c == ':' || c == '/' || c == '?' || c == '#' || c == '[' || c == ']' || c == '@'
|
||||||
|
|
||||||
|
case encodeQueryComponent: // §3.4
|
||||||
|
// The RFC allows / and ?.
|
||||||
|
return c != '/' && c != '?'
|
||||||
|
|
||||||
|
case encodeFragment: // §4.1
|
||||||
|
// The RFC text is silent but the grammar allows
|
||||||
|
// everything, so escape nothing but #
|
||||||
|
return c == '#'
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Everything else must be escaped.
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
|
// QueryEscape escapes the string so it can be safely placed
|
||||||
|
// inside a URL query.
|
||||||
|
func QueryEscape(s string) string {
|
||||||
|
return escape(s, encodeQueryComponent)
|
||||||
|
}
|
||||||
|
|
||||||
|
func escape(s string, mode encoding) string {
|
||||||
|
spaceCount, hexCount := 0, 0
|
||||||
|
for i := 0; i < len(s); i++ {
|
||||||
|
c := s[i]
|
||||||
|
if shouldEscape(c, mode) {
|
||||||
|
if c == ' ' && mode == encodeQueryComponent {
|
||||||
|
spaceCount++
|
||||||
|
} else {
|
||||||
|
hexCount++
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if spaceCount == 0 && hexCount == 0 {
|
||||||
|
return s
|
||||||
|
}
|
||||||
|
|
||||||
|
t := make([]byte, len(s)+2*hexCount)
|
||||||
|
j := 0
|
||||||
|
for i := 0; i < len(s); i++ {
|
||||||
|
switch c := s[i]; {
|
||||||
|
case c == ' ' && mode == encodeQueryComponent:
|
||||||
|
t[j] = '+'
|
||||||
|
j++
|
||||||
|
case shouldEscape(c, mode):
|
||||||
|
t[j] = '%'
|
||||||
|
t[j+1] = "0123456789ABCDEF"[c>>4]
|
||||||
|
t[j+2] = "0123456789ABCDEF"[c&15]
|
||||||
|
j += 3
|
||||||
|
default:
|
||||||
|
t[j] = s[i]
|
||||||
|
j++
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return string(t)
|
||||||
|
}
|
||||||
|
|
||||||
|
var uiReplacer = strings.NewReplacer(
|
||||||
|
"%21", "!",
|
||||||
|
"%27", "'",
|
||||||
|
"%28", "(",
|
||||||
|
"%29", ")",
|
||||||
|
"%2A", "*",
|
||||||
|
)
|
||||||
|
|
||||||
|
// unescapeUserinfo unescapes some characters that need not to be escaped as per RFC3986.
|
||||||
|
func unescapeUserinfo(s string) string {
|
||||||
|
return uiReplacer.Replace(s)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Escape reassembles the URL into a valid URL string.
|
||||||
|
// The general form of the result is one of:
|
||||||
|
//
|
||||||
|
// scheme:opaque
|
||||||
|
// scheme://userinfo@host/path?query#fragment
|
||||||
|
//
|
||||||
|
// If u.Opaque is non-empty, String uses the first form;
|
||||||
|
// otherwise it uses the second form.
|
||||||
|
//
|
||||||
|
// In the second form, the following rules apply:
|
||||||
|
// - if u.Scheme is empty, scheme: is omitted.
|
||||||
|
// - if u.User is nil, userinfo@ is omitted.
|
||||||
|
// - if u.Host is empty, host/ is omitted.
|
||||||
|
// - if u.Scheme and u.Host are empty and u.User is nil,
|
||||||
|
// the entire scheme://userinfo@host/ is omitted.
|
||||||
|
// - if u.Host is non-empty and u.Path begins with a /,
|
||||||
|
// the form host/path does not add its own /.
|
||||||
|
// - if u.RawQuery is empty, ?query is omitted.
|
||||||
|
// - if u.Fragment is empty, #fragment is omitted.
|
||||||
|
func Escape(u *url.URL) string {
|
||||||
|
var buf bytes.Buffer
|
||||||
|
if u.Scheme != "" {
|
||||||
|
buf.WriteString(u.Scheme)
|
||||||
|
buf.WriteByte(':')
|
||||||
|
}
|
||||||
|
if u.Opaque != "" {
|
||||||
|
buf.WriteString(u.Opaque)
|
||||||
|
} else {
|
||||||
|
if u.Scheme != "" || u.Host != "" || u.User != nil {
|
||||||
|
buf.WriteString("//")
|
||||||
|
if ui := u.User; ui != nil {
|
||||||
|
buf.WriteString(unescapeUserinfo(ui.String()))
|
||||||
|
buf.WriteByte('@')
|
||||||
|
}
|
||||||
|
if h := u.Host; h != "" {
|
||||||
|
buf.WriteString(h)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if u.Path != "" && u.Path[0] != '/' && u.Host != "" {
|
||||||
|
buf.WriteByte('/')
|
||||||
|
}
|
||||||
|
buf.WriteString(escape(u.Path, encodePath))
|
||||||
|
}
|
||||||
|
if u.RawQuery != "" {
|
||||||
|
buf.WriteByte('?')
|
||||||
|
buf.WriteString(u.RawQuery)
|
||||||
|
}
|
||||||
|
if u.Fragment != "" {
|
||||||
|
buf.WriteByte('#')
|
||||||
|
buf.WriteString(escape(u.Fragment, encodeFragment))
|
||||||
|
}
|
||||||
|
return buf.String()
|
||||||
|
}
|
22
vendor/github.com/blang/semver/LICENSE
generated
vendored
Normal file
22
vendor/github.com/blang/semver/LICENSE
generated
vendored
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
The MIT License
|
||||||
|
|
||||||
|
Copyright (c) 2014 Benedikt Lang <github at benediktlang.de>
|
||||||
|
|
||||||
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
|
of this software and associated documentation files (the "Software"), to deal
|
||||||
|
in the Software without restriction, including without limitation the rights
|
||||||
|
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||||
|
copies of the Software, and to permit persons to whom the Software is
|
||||||
|
furnished to do so, subject to the following conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice shall be included in
|
||||||
|
all copies or substantial portions of the Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
|
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
|
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||||
|
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||||
|
THE SOFTWARE.
|
||||||
|
|
23
vendor/github.com/blang/semver/json.go
generated
vendored
Normal file
23
vendor/github.com/blang/semver/json.go
generated
vendored
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
package semver
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/json"
|
||||||
|
)
|
||||||
|
|
||||||
|
// MarshalJSON implements the encoding/json.Marshaler interface.
|
||||||
|
func (v Version) MarshalJSON() ([]byte, error) {
|
||||||
|
return json.Marshal(v.String())
|
||||||
|
}
|
||||||
|
|
||||||
|
// UnmarshalJSON implements the encoding/json.Unmarshaler interface.
|
||||||
|
func (v *Version) UnmarshalJSON(data []byte) (err error) {
|
||||||
|
var versionString string
|
||||||
|
|
||||||
|
if err = json.Unmarshal(data, &versionString); err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
*v, err = Parse(versionString)
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
395
vendor/github.com/blang/semver/semver.go
generated
vendored
Normal file
395
vendor/github.com/blang/semver/semver.go
generated
vendored
Normal file
|
@ -0,0 +1,395 @@
|
||||||
|
package semver
|
||||||
|
|
||||||
|
import (
|
||||||
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
"strconv"
|
||||||
|
"strings"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
numbers string = "0123456789"
|
||||||
|
alphas = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-"
|
||||||
|
alphanum = alphas + numbers
|
||||||
|
)
|
||||||
|
|
||||||
|
// SpecVersion is the latest fully supported spec version of semver
|
||||||
|
var SpecVersion = Version{
|
||||||
|
Major: 2,
|
||||||
|
Minor: 0,
|
||||||
|
Patch: 0,
|
||||||
|
}
|
||||||
|
|
||||||
|
// Version represents a semver compatible version
|
||||||
|
type Version struct {
|
||||||
|
Major uint64
|
||||||
|
Minor uint64
|
||||||
|
Patch uint64
|
||||||
|
Pre []PRVersion
|
||||||
|
Build []string //No Precendence
|
||||||
|
}
|
||||||
|
|
||||||
|
// Version to string
|
||||||
|
func (v Version) String() string {
|
||||||
|
b := make([]byte, 0, 5)
|
||||||
|
b = strconv.AppendUint(b, v.Major, 10)
|
||||||
|
b = append(b, '.')
|
||||||
|
b = strconv.AppendUint(b, v.Minor, 10)
|
||||||
|
b = append(b, '.')
|
||||||
|
b = strconv.AppendUint(b, v.Patch, 10)
|
||||||
|
|
||||||
|
if len(v.Pre) > 0 {
|
||||||
|
b = append(b, '-')
|
||||||
|
b = append(b, v.Pre[0].String()...)
|
||||||
|
|
||||||
|
for _, pre := range v.Pre[1:] {
|
||||||
|
b = append(b, '.')
|
||||||
|
b = append(b, pre.String()...)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(v.Build) > 0 {
|
||||||
|
b = append(b, '+')
|
||||||
|
b = append(b, v.Build[0]...)
|
||||||
|
|
||||||
|
for _, build := range v.Build[1:] {
|
||||||
|
b = append(b, '.')
|
||||||
|
b = append(b, build...)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return string(b)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Equals checks if v is equal to o.
|
||||||
|
func (v Version) Equals(o Version) bool {
|
||||||
|
return (v.Compare(o) == 0)
|
||||||
|
}
|
||||||
|
|
||||||
|
// EQ checks if v is equal to o.
|
||||||
|
func (v Version) EQ(o Version) bool {
|
||||||
|
return (v.Compare(o) == 0)
|
||||||
|
}
|
||||||
|
|
||||||
|
// NE checks if v is not equal to o.
|
||||||
|
func (v Version) NE(o Version) bool {
|
||||||
|
return (v.Compare(o) != 0)
|
||||||
|
}
|
||||||
|
|
||||||
|
// GT checks if v is greater than o.
|
||||||
|
func (v Version) GT(o Version) bool {
|
||||||
|
return (v.Compare(o) == 1)
|
||||||
|
}
|
||||||
|
|
||||||
|
// GTE checks if v is greater than or equal to o.
|
||||||
|
func (v Version) GTE(o Version) bool {
|
||||||
|
return (v.Compare(o) >= 0)
|
||||||
|
}
|
||||||
|
|
||||||
|
// GE checks if v is greater than or equal to o.
|
||||||
|
func (v Version) GE(o Version) bool {
|
||||||
|
return (v.Compare(o) >= 0)
|
||||||
|
}
|
||||||
|
|
||||||
|
// LT checks if v is less than o.
|
||||||
|
func (v Version) LT(o Version) bool {
|
||||||
|
return (v.Compare(o) == -1)
|
||||||
|
}
|
||||||
|
|
||||||
|
// LTE checks if v is less than or equal to o.
|
||||||
|
func (v Version) LTE(o Version) bool {
|
||||||
|
return (v.Compare(o) <= 0)
|
||||||
|
}
|
||||||
|
|
||||||
|
// LE checks if v is less than or equal to o.
|
||||||
|
func (v Version) LE(o Version) bool {
|
||||||
|
return (v.Compare(o) <= 0)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Compare compares Versions v to o:
|
||||||
|
// -1 == v is less than o
|
||||||
|
// 0 == v is equal to o
|
||||||
|
// 1 == v is greater than o
|
||||||
|
func (v Version) Compare(o Version) int {
|
||||||
|
if v.Major != o.Major {
|
||||||
|
if v.Major > o.Major {
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
return -1
|
||||||
|
}
|
||||||
|
if v.Minor != o.Minor {
|
||||||
|
if v.Minor > o.Minor {
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
return -1
|
||||||
|
}
|
||||||
|
if v.Patch != o.Patch {
|
||||||
|
if v.Patch > o.Patch {
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
return -1
|
||||||
|
}
|
||||||
|
|
||||||
|
// Quick comparison if a version has no prerelease versions
|
||||||
|
if len(v.Pre) == 0 && len(o.Pre) == 0 {
|
||||||
|
return 0
|
||||||
|
} else if len(v.Pre) == 0 && len(o.Pre) > 0 {
|
||||||
|
return 1
|
||||||
|
} else if len(v.Pre) > 0 && len(o.Pre) == 0 {
|
||||||
|
return -1
|
||||||
|
}
|
||||||
|
|
||||||
|
i := 0
|
||||||
|
for ; i < len(v.Pre) && i < len(o.Pre); i++ {
|
||||||
|
if comp := v.Pre[i].Compare(o.Pre[i]); comp == 0 {
|
||||||
|
continue
|
||||||
|
} else if comp == 1 {
|
||||||
|
return 1
|
||||||
|
} else {
|
||||||
|
return -1
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// If all pr versions are the equal but one has further prversion, this one greater
|
||||||
|
if i == len(v.Pre) && i == len(o.Pre) {
|
||||||
|
return 0
|
||||||
|
} else if i == len(v.Pre) && i < len(o.Pre) {
|
||||||
|
return -1
|
||||||
|
} else {
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
// Validate validates v and returns error in case
|
||||||
|
func (v Version) Validate() error {
|
||||||
|
// Major, Minor, Patch already validated using uint64
|
||||||
|
|
||||||
|
for _, pre := range v.Pre {
|
||||||
|
if !pre.IsNum { //Numeric prerelease versions already uint64
|
||||||
|
if len(pre.VersionStr) == 0 {
|
||||||
|
return fmt.Errorf("Prerelease can not be empty %q", pre.VersionStr)
|
||||||
|
}
|
||||||
|
if !containsOnly(pre.VersionStr, alphanum) {
|
||||||
|
return fmt.Errorf("Invalid character(s) found in prerelease %q", pre.VersionStr)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, build := range v.Build {
|
||||||
|
if len(build) == 0 {
|
||||||
|
return fmt.Errorf("Build meta data can not be empty %q", build)
|
||||||
|
}
|
||||||
|
if !containsOnly(build, alphanum) {
|
||||||
|
return fmt.Errorf("Invalid character(s) found in build meta data %q", build)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// New is an alias for Parse and returns a pointer, parses version string and returns a validated Version or error
|
||||||
|
func New(s string) (vp *Version, err error) {
|
||||||
|
v, err := Parse(s)
|
||||||
|
vp = &v
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Make is an alias for Parse, parses version string and returns a validated Version or error
|
||||||
|
func Make(s string) (Version, error) {
|
||||||
|
return Parse(s)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Parse parses version string and returns a validated Version or error
|
||||||
|
func Parse(s string) (Version, error) {
|
||||||
|
if len(s) == 0 {
|
||||||
|
return Version{}, errors.New("Version string empty")
|
||||||
|
}
|
||||||
|
|
||||||
|
// Split into major.minor.(patch+pr+meta)
|
||||||
|
parts := strings.SplitN(s, ".", 3)
|
||||||
|
if len(parts) != 3 {
|
||||||
|
return Version{}, errors.New("No Major.Minor.Patch elements found")
|
||||||
|
}
|
||||||
|
|
||||||
|
// Major
|
||||||
|
if !containsOnly(parts[0], numbers) {
|
||||||
|
return Version{}, fmt.Errorf("Invalid character(s) found in major number %q", parts[0])
|
||||||
|
}
|
||||||
|
if hasLeadingZeroes(parts[0]) {
|
||||||
|
return Version{}, fmt.Errorf("Major number must not contain leading zeroes %q", parts[0])
|
||||||
|
}
|
||||||
|
major, err := strconv.ParseUint(parts[0], 10, 64)
|
||||||
|
if err != nil {
|
||||||
|
return Version{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Minor
|
||||||
|
if !containsOnly(parts[1], numbers) {
|
||||||
|
return Version{}, fmt.Errorf("Invalid character(s) found in minor number %q", parts[1])
|
||||||
|
}
|
||||||
|
if hasLeadingZeroes(parts[1]) {
|
||||||
|
return Version{}, fmt.Errorf("Minor number must not contain leading zeroes %q", parts[1])
|
||||||
|
}
|
||||||
|
minor, err := strconv.ParseUint(parts[1], 10, 64)
|
||||||
|
if err != nil {
|
||||||
|
return Version{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
v := Version{}
|
||||||
|
v.Major = major
|
||||||
|
v.Minor = minor
|
||||||
|
|
||||||
|
var build, prerelease []string
|
||||||
|
patchStr := parts[2]
|
||||||
|
|
||||||
|
if buildIndex := strings.IndexRune(patchStr, '+'); buildIndex != -1 {
|
||||||
|
build = strings.Split(patchStr[buildIndex+1:], ".")
|
||||||
|
patchStr = patchStr[:buildIndex]
|
||||||
|
}
|
||||||
|
|
||||||
|
if preIndex := strings.IndexRune(patchStr, '-'); preIndex != -1 {
|
||||||
|
prerelease = strings.Split(patchStr[preIndex+1:], ".")
|
||||||
|
patchStr = patchStr[:preIndex]
|
||||||
|
}
|
||||||
|
|
||||||
|
if !containsOnly(patchStr, numbers) {
|
||||||
|
return Version{}, fmt.Errorf("Invalid character(s) found in patch number %q", patchStr)
|
||||||
|
}
|
||||||
|
if hasLeadingZeroes(patchStr) {
|
||||||
|
return Version{}, fmt.Errorf("Patch number must not contain leading zeroes %q", patchStr)
|
||||||
|
}
|
||||||
|
patch, err := strconv.ParseUint(patchStr, 10, 64)
|
||||||
|
if err != nil {
|
||||||
|
return Version{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
v.Patch = patch
|
||||||
|
|
||||||
|
// Prerelease
|
||||||
|
for _, prstr := range prerelease {
|
||||||
|
parsedPR, err := NewPRVersion(prstr)
|
||||||
|
if err != nil {
|
||||||
|
return Version{}, err
|
||||||
|
}
|
||||||
|
v.Pre = append(v.Pre, parsedPR)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Build meta data
|
||||||
|
for _, str := range build {
|
||||||
|
if len(str) == 0 {
|
||||||
|
return Version{}, errors.New("Build meta data is empty")
|
||||||
|
}
|
||||||
|
if !containsOnly(str, alphanum) {
|
||||||
|
return Version{}, fmt.Errorf("Invalid character(s) found in build meta data %q", str)
|
||||||
|
}
|
||||||
|
v.Build = append(v.Build, str)
|
||||||
|
}
|
||||||
|
|
||||||
|
return v, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// MustParse is like Parse but panics if the version cannot be parsed.
|
||||||
|
func MustParse(s string) Version {
|
||||||
|
v, err := Parse(s)
|
||||||
|
if err != nil {
|
||||||
|
panic(`semver: Parse(` + s + `): ` + err.Error())
|
||||||
|
}
|
||||||
|
return v
|
||||||
|
}
|
||||||
|
|
||||||
|
// PRVersion represents a PreRelease Version
|
||||||
|
type PRVersion struct {
|
||||||
|
VersionStr string
|
||||||
|
VersionNum uint64
|
||||||
|
IsNum bool
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewPRVersion creates a new valid prerelease version
|
||||||
|
func NewPRVersion(s string) (PRVersion, error) {
|
||||||
|
if len(s) == 0 {
|
||||||
|
return PRVersion{}, errors.New("Prerelease is empty")
|
||||||
|
}
|
||||||
|
v := PRVersion{}
|
||||||
|
if containsOnly(s, numbers) {
|
||||||
|
if hasLeadingZeroes(s) {
|
||||||
|
return PRVersion{}, fmt.Errorf("Numeric PreRelease version must not contain leading zeroes %q", s)
|
||||||
|
}
|
||||||
|
num, err := strconv.ParseUint(s, 10, 64)
|
||||||
|
|
||||||
|
// Might never be hit, but just in case
|
||||||
|
if err != nil {
|
||||||
|
return PRVersion{}, err
|
||||||
|
}
|
||||||
|
v.VersionNum = num
|
||||||
|
v.IsNum = true
|
||||||
|
} else if containsOnly(s, alphanum) {
|
||||||
|
v.VersionStr = s
|
||||||
|
v.IsNum = false
|
||||||
|
} else {
|
||||||
|
return PRVersion{}, fmt.Errorf("Invalid character(s) found in prerelease %q", s)
|
||||||
|
}
|
||||||
|
return v, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// IsNumeric checks if prerelease-version is numeric
|
||||||
|
func (v PRVersion) IsNumeric() bool {
|
||||||
|
return v.IsNum
|
||||||
|
}
|
||||||
|
|
||||||
|
// Compare compares two PreRelease Versions v and o:
|
||||||
|
// -1 == v is less than o
|
||||||
|
// 0 == v is equal to o
|
||||||
|
// 1 == v is greater than o
|
||||||
|
func (v PRVersion) Compare(o PRVersion) int {
|
||||||
|
if v.IsNum && !o.IsNum {
|
||||||
|
return -1
|
||||||
|
} else if !v.IsNum && o.IsNum {
|
||||||
|
return 1
|
||||||
|
} else if v.IsNum && o.IsNum {
|
||||||
|
if v.VersionNum == o.VersionNum {
|
||||||
|
return 0
|
||||||
|
} else if v.VersionNum > o.VersionNum {
|
||||||
|
return 1
|
||||||
|
} else {
|
||||||
|
return -1
|
||||||
|
}
|
||||||
|
} else { // both are Alphas
|
||||||
|
if v.VersionStr == o.VersionStr {
|
||||||
|
return 0
|
||||||
|
} else if v.VersionStr > o.VersionStr {
|
||||||
|
return 1
|
||||||
|
} else {
|
||||||
|
return -1
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// PreRelease version to string
|
||||||
|
func (v PRVersion) String() string {
|
||||||
|
if v.IsNum {
|
||||||
|
return strconv.FormatUint(v.VersionNum, 10)
|
||||||
|
}
|
||||||
|
return v.VersionStr
|
||||||
|
}
|
||||||
|
|
||||||
|
func containsOnly(s string, set string) bool {
|
||||||
|
return strings.IndexFunc(s, func(r rune) bool {
|
||||||
|
return !strings.ContainsRune(set, r)
|
||||||
|
}) == -1
|
||||||
|
}
|
||||||
|
|
||||||
|
func hasLeadingZeroes(s string) bool {
|
||||||
|
return len(s) > 1 && s[0] == '0'
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewBuildVersion creates a new valid build version
|
||||||
|
func NewBuildVersion(s string) (string, error) {
|
||||||
|
if len(s) == 0 {
|
||||||
|
return "", errors.New("Buildversion is empty")
|
||||||
|
}
|
||||||
|
if !containsOnly(s, alphanum) {
|
||||||
|
return "", fmt.Errorf("Invalid character(s) found in build meta data %q", s)
|
||||||
|
}
|
||||||
|
return s, nil
|
||||||
|
}
|
28
vendor/github.com/blang/semver/sort.go
generated
vendored
Normal file
28
vendor/github.com/blang/semver/sort.go
generated
vendored
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
package semver
|
||||||
|
|
||||||
|
import (
|
||||||
|
"sort"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Versions represents multiple versions.
|
||||||
|
type Versions []Version
|
||||||
|
|
||||||
|
// Len returns length of version collection
|
||||||
|
func (s Versions) Len() int {
|
||||||
|
return len(s)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Swap swaps two versions inside the collection by its indices
|
||||||
|
func (s Versions) Swap(i, j int) {
|
||||||
|
s[i], s[j] = s[j], s[i]
|
||||||
|
}
|
||||||
|
|
||||||
|
// Less checks if version at index i is less than version at index j
|
||||||
|
func (s Versions) Less(i, j int) bool {
|
||||||
|
return s[i].LT(s[j])
|
||||||
|
}
|
||||||
|
|
||||||
|
// Sort sorts a slice of versions
|
||||||
|
func Sort(versions []Version) {
|
||||||
|
sort.Sort(Versions(versions))
|
||||||
|
}
|
30
vendor/github.com/blang/semver/sql.go
generated
vendored
Normal file
30
vendor/github.com/blang/semver/sql.go
generated
vendored
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
package semver
|
||||||
|
|
||||||
|
import (
|
||||||
|
"database/sql/driver"
|
||||||
|
"fmt"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Scan implements the database/sql.Scanner interface.
|
||||||
|
func (v *Version) Scan(src interface{}) (err error) {
|
||||||
|
var str string
|
||||||
|
switch src := src.(type) {
|
||||||
|
case string:
|
||||||
|
str = src
|
||||||
|
case []byte:
|
||||||
|
str = string(src)
|
||||||
|
default:
|
||||||
|
return fmt.Errorf("Version.Scan: cannot convert %T to string.", src)
|
||||||
|
}
|
||||||
|
|
||||||
|
if t, err := Parse(str); err == nil {
|
||||||
|
*v = t
|
||||||
|
}
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Value implements the database/sql/driver.Valuer interface.
|
||||||
|
func (v Version) Value() (driver.Value, error) {
|
||||||
|
return v.String(), nil
|
||||||
|
}
|
202
vendor/github.com/coreos/go-oidc/LICENSE
generated
vendored
Normal file
202
vendor/github.com/coreos/go-oidc/LICENSE
generated
vendored
Normal file
|
@ -0,0 +1,202 @@
|
||||||
|
Apache License
|
||||||
|
Version 2.0, January 2004
|
||||||
|
http://www.apache.org/licenses/
|
||||||
|
|
||||||
|
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||||
|
|
||||||
|
1. Definitions.
|
||||||
|
|
||||||
|
"License" shall mean the terms and conditions for use, reproduction,
|
||||||
|
and distribution as defined by Sections 1 through 9 of this document.
|
||||||
|
|
||||||
|
"Licensor" shall mean the copyright owner or entity authorized by
|
||||||
|
the copyright owner that is granting the License.
|
||||||
|
|
||||||
|
"Legal Entity" shall mean the union of the acting entity and all
|
||||||
|
other entities that control, are controlled by, or are under common
|
||||||
|
control with that entity. For the purposes of this definition,
|
||||||
|
"control" means (i) the power, direct or indirect, to cause the
|
||||||
|
direction or management of such entity, whether by contract or
|
||||||
|
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||||
|
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||||
|
|
||||||
|
"You" (or "Your") shall mean an individual or Legal Entity
|
||||||
|
exercising permissions granted by this License.
|
||||||
|
|
||||||
|
"Source" form shall mean the preferred form for making modifications,
|
||||||
|
including but not limited to software source code, documentation
|
||||||
|
source, and configuration files.
|
||||||
|
|
||||||
|
"Object" form shall mean any form resulting from mechanical
|
||||||
|
transformation or translation of a Source form, including but
|
||||||
|
not limited to compiled object code, generated documentation,
|
||||||
|
and conversions to other media types.
|
||||||
|
|
||||||
|
"Work" shall mean the work of authorship, whether in Source or
|
||||||
|
Object form, made available under the License, as indicated by a
|
||||||
|
copyright notice that is included in or attached to the work
|
||||||
|
(an example is provided in the Appendix below).
|
||||||
|
|
||||||
|
"Derivative Works" shall mean any work, whether in Source or Object
|
||||||
|
form, that is based on (or derived from) the Work and for which the
|
||||||
|
editorial revisions, annotations, elaborations, or other modifications
|
||||||
|
represent, as a whole, an original work of authorship. For the purposes
|
||||||
|
of this License, Derivative Works shall not include works that remain
|
||||||
|
separable from, or merely link (or bind by name) to the interfaces of,
|
||||||
|
the Work and Derivative Works thereof.
|
||||||
|
|
||||||
|
"Contribution" shall mean any work of authorship, including
|
||||||
|
the original version of the Work and any modifications or additions
|
||||||
|
to that Work or Derivative Works thereof, that is intentionally
|
||||||
|
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||||
|
or by an individual or Legal Entity authorized to submit on behalf of
|
||||||
|
the copyright owner. For the purposes of this definition, "submitted"
|
||||||
|
means any form of electronic, verbal, or written communication sent
|
||||||
|
to the Licensor or its representatives, including but not limited to
|
||||||
|
communication on electronic mailing lists, source code control systems,
|
||||||
|
and issue tracking systems that are managed by, or on behalf of, the
|
||||||
|
Licensor for the purpose of discussing and improving the Work, but
|
||||||
|
excluding communication that is conspicuously marked or otherwise
|
||||||
|
designated in writing by the copyright owner as "Not a Contribution."
|
||||||
|
|
||||||
|
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||||
|
on behalf of whom a Contribution has been received by Licensor and
|
||||||
|
subsequently incorporated within the Work.
|
||||||
|
|
||||||
|
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||||
|
this License, each Contributor hereby grants to You a perpetual,
|
||||||
|
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||||
|
copyright license to reproduce, prepare Derivative Works of,
|
||||||
|
publicly display, publicly perform, sublicense, and distribute the
|
||||||
|
Work and such Derivative Works in Source or Object form.
|
||||||
|
|
||||||
|
3. Grant of Patent License. Subject to the terms and conditions of
|
||||||
|
this License, each Contributor hereby grants to You a perpetual,
|
||||||
|
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||||
|
(except as stated in this section) patent license to make, have made,
|
||||||
|
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||||
|
where such license applies only to those patent claims licensable
|
||||||
|
by such Contributor that are necessarily infringed by their
|
||||||
|
Contribution(s) alone or by combination of their Contribution(s)
|
||||||
|
with the Work to which such Contribution(s) was submitted. If You
|
||||||
|
institute patent litigation against any entity (including a
|
||||||
|
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||||
|
or a Contribution incorporated within the Work constitutes direct
|
||||||
|
or contributory patent infringement, then any patent licenses
|
||||||
|
granted to You under this License for that Work shall terminate
|
||||||
|
as of the date such litigation is filed.
|
||||||
|
|
||||||
|
4. Redistribution. You may reproduce and distribute copies of the
|
||||||
|
Work or Derivative Works thereof in any medium, with or without
|
||||||
|
modifications, and in Source or Object form, provided that You
|
||||||
|
meet the following conditions:
|
||||||
|
|
||||||
|
(a) You must give any other recipients of the Work or
|
||||||
|
Derivative Works a copy of this License; and
|
||||||
|
|
||||||
|
(b) You must cause any modified files to carry prominent notices
|
||||||
|
stating that You changed the files; and
|
||||||
|
|
||||||
|
(c) You must retain, in the Source form of any Derivative Works
|
||||||
|
that You distribute, all copyright, patent, trademark, and
|
||||||
|
attribution notices from the Source form of the Work,
|
||||||
|
excluding those notices that do not pertain to any part of
|
||||||
|
the Derivative Works; and
|
||||||
|
|
||||||
|
(d) If the Work includes a "NOTICE" text file as part of its
|
||||||
|
distribution, then any Derivative Works that You distribute must
|
||||||
|
include a readable copy of the attribution notices contained
|
||||||
|
within such NOTICE file, excluding those notices that do not
|
||||||
|
pertain to any part of the Derivative Works, in at least one
|
||||||
|
of the following places: within a NOTICE text file distributed
|
||||||
|
as part of the Derivative Works; within the Source form or
|
||||||
|
documentation, if provided along with the Derivative Works; or,
|
||||||
|
within a display generated by the Derivative Works, if and
|
||||||
|
wherever such third-party notices normally appear. The contents
|
||||||
|
of the NOTICE file are for informational purposes only and
|
||||||
|
do not modify the License. You may add Your own attribution
|
||||||
|
notices within Derivative Works that You distribute, alongside
|
||||||
|
or as an addendum to the NOTICE text from the Work, provided
|
||||||
|
that such additional attribution notices cannot be construed
|
||||||
|
as modifying the License.
|
||||||
|
|
||||||
|
You may add Your own copyright statement to Your modifications and
|
||||||
|
may provide additional or different license terms and conditions
|
||||||
|
for use, reproduction, or distribution of Your modifications, or
|
||||||
|
for any such Derivative Works as a whole, provided Your use,
|
||||||
|
reproduction, and distribution of the Work otherwise complies with
|
||||||
|
the conditions stated in this License.
|
||||||
|
|
||||||
|
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||||
|
any Contribution intentionally submitted for inclusion in the Work
|
||||||
|
by You to the Licensor shall be under the terms and conditions of
|
||||||
|
this License, without any additional terms or conditions.
|
||||||
|
Notwithstanding the above, nothing herein shall supersede or modify
|
||||||
|
the terms of any separate license agreement you may have executed
|
||||||
|
with Licensor regarding such Contributions.
|
||||||
|
|
||||||
|
6. Trademarks. This License does not grant permission to use the trade
|
||||||
|
names, trademarks, service marks, or product names of the Licensor,
|
||||||
|
except as required for reasonable and customary use in describing the
|
||||||
|
origin of the Work and reproducing the content of the NOTICE file.
|
||||||
|
|
||||||
|
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||||
|
agreed to in writing, Licensor provides the Work (and each
|
||||||
|
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||||
|
implied, including, without limitation, any warranties or conditions
|
||||||
|
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||||
|
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||||
|
appropriateness of using or redistributing the Work and assume any
|
||||||
|
risks associated with Your exercise of permissions under this License.
|
||||||
|
|
||||||
|
8. Limitation of Liability. In no event and under no legal theory,
|
||||||
|
whether in tort (including negligence), contract, or otherwise,
|
||||||
|
unless required by applicable law (such as deliberate and grossly
|
||||||
|
negligent acts) or agreed to in writing, shall any Contributor be
|
||||||
|
liable to You for damages, including any direct, indirect, special,
|
||||||
|
incidental, or consequential damages of any character arising as a
|
||||||
|
result of this License or out of the use or inability to use the
|
||||||
|
Work (including but not limited to damages for loss of goodwill,
|
||||||
|
work stoppage, computer failure or malfunction, or any and all
|
||||||
|
other commercial damages or losses), even if such Contributor
|
||||||
|
has been advised of the possibility of such damages.
|
||||||
|
|
||||||
|
9. Accepting Warranty or Additional Liability. While redistributing
|
||||||
|
the Work or Derivative Works thereof, You may choose to offer,
|
||||||
|
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||||
|
or other liability obligations and/or rights consistent with this
|
||||||
|
License. However, in accepting such obligations, You may act only
|
||||||
|
on Your own behalf and on Your sole responsibility, not on behalf
|
||||||
|
of any other Contributor, and only if You agree to indemnify,
|
||||||
|
defend, and hold each Contributor harmless for any liability
|
||||||
|
incurred by, or claims asserted against, such Contributor by reason
|
||||||
|
of your accepting any such warranty or additional liability.
|
||||||
|
|
||||||
|
END OF TERMS AND CONDITIONS
|
||||||
|
|
||||||
|
APPENDIX: How to apply the Apache License to your work.
|
||||||
|
|
||||||
|
To apply the Apache License to your work, attach the following
|
||||||
|
boilerplate notice, with the fields enclosed by brackets "{}"
|
||||||
|
replaced with your own identifying information. (Don't include
|
||||||
|
the brackets!) The text should be enclosed in the appropriate
|
||||||
|
comment syntax for the file format. We also recommend that a
|
||||||
|
file or class name and description of purpose be included on the
|
||||||
|
same "printed page" as the copyright notice for easier
|
||||||
|
identification within third-party archives.
|
||||||
|
|
||||||
|
Copyright {yyyy} {name of copyright owner}
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
|
5
vendor/github.com/coreos/go-oidc/NOTICE
generated
vendored
Normal file
5
vendor/github.com/coreos/go-oidc/NOTICE
generated
vendored
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
CoreOS Project
|
||||||
|
Copyright 2014 CoreOS, Inc
|
||||||
|
|
||||||
|
This product includes software developed at CoreOS, Inc.
|
||||||
|
(http://www.coreos.com/).
|
7
vendor/github.com/coreos/go-oidc/http/client.go
generated
vendored
Normal file
7
vendor/github.com/coreos/go-oidc/http/client.go
generated
vendored
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
package http
|
||||||
|
|
||||||
|
import "net/http"
|
||||||
|
|
||||||
|
type Client interface {
|
||||||
|
Do(*http.Request) (*http.Response, error)
|
||||||
|
}
|
156
vendor/github.com/coreos/go-oidc/http/http.go
generated
vendored
Normal file
156
vendor/github.com/coreos/go-oidc/http/http.go
generated
vendored
Normal file
|
@ -0,0 +1,156 @@
|
||||||
|
package http
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/base64"
|
||||||
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
|
"log"
|
||||||
|
"net/http"
|
||||||
|
"net/url"
|
||||||
|
"path"
|
||||||
|
"strconv"
|
||||||
|
"strings"
|
||||||
|
"time"
|
||||||
|
)
|
||||||
|
|
||||||
|
func WriteError(w http.ResponseWriter, code int, msg string) {
|
||||||
|
e := struct {
|
||||||
|
Error string `json:"error"`
|
||||||
|
}{
|
||||||
|
Error: msg,
|
||||||
|
}
|
||||||
|
b, err := json.Marshal(e)
|
||||||
|
if err != nil {
|
||||||
|
log.Printf("go-oidc: failed to marshal %#v: %v", e, err)
|
||||||
|
code = http.StatusInternalServerError
|
||||||
|
b = []byte(`{"error":"server_error"}`)
|
||||||
|
}
|
||||||
|
w.Header().Set("Content-Type", "application/json")
|
||||||
|
w.WriteHeader(code)
|
||||||
|
w.Write(b)
|
||||||
|
}
|
||||||
|
|
||||||
|
// BasicAuth parses a username and password from the request's
|
||||||
|
// Authorization header. This was pulled from golang master:
|
||||||
|
// https://codereview.appspot.com/76540043
|
||||||
|
func BasicAuth(r *http.Request) (username, password string, ok bool) {
|
||||||
|
auth := r.Header.Get("Authorization")
|
||||||
|
if auth == "" {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if !strings.HasPrefix(auth, "Basic ") {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
c, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(auth, "Basic "))
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
cs := string(c)
|
||||||
|
s := strings.IndexByte(cs, ':')
|
||||||
|
if s < 0 {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
return cs[:s], cs[s+1:], true
|
||||||
|
}
|
||||||
|
|
||||||
|
func cacheControlMaxAge(hdr string) (time.Duration, bool, error) {
|
||||||
|
for _, field := range strings.Split(hdr, ",") {
|
||||||
|
parts := strings.SplitN(strings.TrimSpace(field), "=", 2)
|
||||||
|
k := strings.ToLower(strings.TrimSpace(parts[0]))
|
||||||
|
if k != "max-age" {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(parts) == 1 {
|
||||||
|
return 0, false, errors.New("max-age has no value")
|
||||||
|
}
|
||||||
|
|
||||||
|
v := strings.TrimSpace(parts[1])
|
||||||
|
if v == "" {
|
||||||
|
return 0, false, errors.New("max-age has empty value")
|
||||||
|
}
|
||||||
|
|
||||||
|
age, err := strconv.Atoi(v)
|
||||||
|
if err != nil {
|
||||||
|
return 0, false, err
|
||||||
|
}
|
||||||
|
|
||||||
|
if age <= 0 {
|
||||||
|
return 0, false, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
return time.Duration(age) * time.Second, true, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0, false, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func expires(date, expires string) (time.Duration, bool, error) {
|
||||||
|
if date == "" || expires == "" {
|
||||||
|
return 0, false, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
te, err := time.Parse(time.RFC1123, expires)
|
||||||
|
if err != nil {
|
||||||
|
return 0, false, err
|
||||||
|
}
|
||||||
|
|
||||||
|
td, err := time.Parse(time.RFC1123, date)
|
||||||
|
if err != nil {
|
||||||
|
return 0, false, err
|
||||||
|
}
|
||||||
|
|
||||||
|
ttl := te.Sub(td)
|
||||||
|
|
||||||
|
// headers indicate data already expired, caller should not
|
||||||
|
// have to care about this case
|
||||||
|
if ttl <= 0 {
|
||||||
|
return 0, false, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
return ttl, true, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func Cacheable(hdr http.Header) (time.Duration, bool, error) {
|
||||||
|
ttl, ok, err := cacheControlMaxAge(hdr.Get("Cache-Control"))
|
||||||
|
if err != nil || ok {
|
||||||
|
return ttl, ok, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return expires(hdr.Get("Date"), hdr.Get("Expires"))
|
||||||
|
}
|
||||||
|
|
||||||
|
// MergeQuery appends additional query values to an existing URL.
|
||||||
|
func MergeQuery(u url.URL, q url.Values) url.URL {
|
||||||
|
uv := u.Query()
|
||||||
|
for k, vs := range q {
|
||||||
|
for _, v := range vs {
|
||||||
|
uv.Add(k, v)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
u.RawQuery = uv.Encode()
|
||||||
|
return u
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewResourceLocation appends a resource id to the end of the requested URL path.
|
||||||
|
func NewResourceLocation(reqURL *url.URL, id string) string {
|
||||||
|
var u url.URL
|
||||||
|
u = *reqURL
|
||||||
|
u.Path = path.Join(u.Path, id)
|
||||||
|
u.RawQuery = ""
|
||||||
|
u.Fragment = ""
|
||||||
|
return u.String()
|
||||||
|
}
|
||||||
|
|
||||||
|
// CopyRequest returns a clone of the provided *http.Request.
|
||||||
|
// The returned object is a shallow copy of the struct and a
|
||||||
|
// deep copy of its Header field.
|
||||||
|
func CopyRequest(r *http.Request) *http.Request {
|
||||||
|
r2 := *r
|
||||||
|
r2.Header = make(http.Header)
|
||||||
|
for k, s := range r.Header {
|
||||||
|
r2.Header[k] = s
|
||||||
|
}
|
||||||
|
return &r2
|
||||||
|
}
|
29
vendor/github.com/coreos/go-oidc/http/url.go
generated
vendored
Normal file
29
vendor/github.com/coreos/go-oidc/http/url.go
generated
vendored
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
package http
|
||||||
|
|
||||||
|
import (
|
||||||
|
"errors"
|
||||||
|
"net/url"
|
||||||
|
)
|
||||||
|
|
||||||
|
// ParseNonEmptyURL checks that a string is a parsable URL which is also not empty
|
||||||
|
// since `url.Parse("")` does not return an error. Must contian a scheme and a host.
|
||||||
|
func ParseNonEmptyURL(u string) (*url.URL, error) {
|
||||||
|
if u == "" {
|
||||||
|
return nil, errors.New("url is empty")
|
||||||
|
}
|
||||||
|
|
||||||
|
ur, err := url.Parse(u)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
if ur.Scheme == "" {
|
||||||
|
return nil, errors.New("url scheme is empty")
|
||||||
|
}
|
||||||
|
|
||||||
|
if ur.Host == "" {
|
||||||
|
return nil, errors.New("url host is empty")
|
||||||
|
}
|
||||||
|
|
||||||
|
return ur, nil
|
||||||
|
}
|
126
vendor/github.com/coreos/go-oidc/jose/claims.go
generated
vendored
Normal file
126
vendor/github.com/coreos/go-oidc/jose/claims.go
generated
vendored
Normal file
|
@ -0,0 +1,126 @@
|
||||||
|
package jose
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/json"
|
||||||
|
"fmt"
|
||||||
|
"math"
|
||||||
|
"time"
|
||||||
|
)
|
||||||
|
|
||||||
|
type Claims map[string]interface{}
|
||||||
|
|
||||||
|
func (c Claims) Add(name string, value interface{}) {
|
||||||
|
c[name] = value
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c Claims) StringClaim(name string) (string, bool, error) {
|
||||||
|
cl, ok := c[name]
|
||||||
|
if !ok {
|
||||||
|
return "", false, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
v, ok := cl.(string)
|
||||||
|
if !ok {
|
||||||
|
return "", false, fmt.Errorf("unable to parse claim as string: %v", name)
|
||||||
|
}
|
||||||
|
|
||||||
|
return v, true, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c Claims) StringsClaim(name string) ([]string, bool, error) {
|
||||||
|
cl, ok := c[name]
|
||||||
|
if !ok {
|
||||||
|
return nil, false, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
if v, ok := cl.([]string); ok {
|
||||||
|
return v, true, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// When unmarshaled, []string will become []interface{}.
|
||||||
|
if v, ok := cl.([]interface{}); ok {
|
||||||
|
var ret []string
|
||||||
|
for _, vv := range v {
|
||||||
|
str, ok := vv.(string)
|
||||||
|
if !ok {
|
||||||
|
return nil, false, fmt.Errorf("unable to parse claim as string array: %v", name)
|
||||||
|
}
|
||||||
|
ret = append(ret, str)
|
||||||
|
}
|
||||||
|
return ret, true, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil, false, fmt.Errorf("unable to parse claim as string array: %v", name)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c Claims) Int64Claim(name string) (int64, bool, error) {
|
||||||
|
cl, ok := c[name]
|
||||||
|
if !ok {
|
||||||
|
return 0, false, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
v, ok := cl.(int64)
|
||||||
|
if !ok {
|
||||||
|
vf, ok := cl.(float64)
|
||||||
|
if !ok {
|
||||||
|
return 0, false, fmt.Errorf("unable to parse claim as int64: %v", name)
|
||||||
|
}
|
||||||
|
v = int64(vf)
|
||||||
|
}
|
||||||
|
|
||||||
|
return v, true, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c Claims) Float64Claim(name string) (float64, bool, error) {
|
||||||
|
cl, ok := c[name]
|
||||||
|
if !ok {
|
||||||
|
return 0, false, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
v, ok := cl.(float64)
|
||||||
|
if !ok {
|
||||||
|
vi, ok := cl.(int64)
|
||||||
|
if !ok {
|
||||||
|
return 0, false, fmt.Errorf("unable to parse claim as float64: %v", name)
|
||||||
|
}
|
||||||
|
v = float64(vi)
|
||||||
|
}
|
||||||
|
|
||||||
|
return v, true, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c Claims) TimeClaim(name string) (time.Time, bool, error) {
|
||||||
|
v, ok, err := c.Float64Claim(name)
|
||||||
|
if !ok || err != nil {
|
||||||
|
return time.Time{}, ok, err
|
||||||
|
}
|
||||||
|
|
||||||
|
s := math.Trunc(v)
|
||||||
|
ns := (v - s) * math.Pow(10, 9)
|
||||||
|
return time.Unix(int64(s), int64(ns)).UTC(), true, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func decodeClaims(payload []byte) (Claims, error) {
|
||||||
|
var c Claims
|
||||||
|
if err := json.Unmarshal(payload, &c); err != nil {
|
||||||
|
return nil, fmt.Errorf("malformed JWT claims, unable to decode: %v", err)
|
||||||
|
}
|
||||||
|
return c, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func marshalClaims(c Claims) ([]byte, error) {
|
||||||
|
b, err := json.Marshal(c)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return b, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func encodeClaims(c Claims) (string, error) {
|
||||||
|
b, err := marshalClaims(c)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
return encodeSegment(b), nil
|
||||||
|
}
|
112
vendor/github.com/coreos/go-oidc/jose/jose.go
generated
vendored
Normal file
112
vendor/github.com/coreos/go-oidc/jose/jose.go
generated
vendored
Normal file
|
@ -0,0 +1,112 @@
|
||||||
|
package jose
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/base64"
|
||||||
|
"encoding/json"
|
||||||
|
"fmt"
|
||||||
|
"strings"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
HeaderMediaType = "typ"
|
||||||
|
HeaderKeyAlgorithm = "alg"
|
||||||
|
HeaderKeyID = "kid"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
// Encryption Algorithm Header Parameter Values for JWS
|
||||||
|
// See: https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#page-6
|
||||||
|
AlgHS256 = "HS256"
|
||||||
|
AlgHS384 = "HS384"
|
||||||
|
AlgHS512 = "HS512"
|
||||||
|
AlgRS256 = "RS256"
|
||||||
|
AlgRS384 = "RS384"
|
||||||
|
AlgRS512 = "RS512"
|
||||||
|
AlgES256 = "ES256"
|
||||||
|
AlgES384 = "ES384"
|
||||||
|
AlgES512 = "ES512"
|
||||||
|
AlgPS256 = "PS256"
|
||||||
|
AlgPS384 = "PS384"
|
||||||
|
AlgPS512 = "PS512"
|
||||||
|
AlgNone = "none"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
// Algorithm Header Parameter Values for JWE
|
||||||
|
// See: https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-4.1
|
||||||
|
AlgRSA15 = "RSA1_5"
|
||||||
|
AlgRSAOAEP = "RSA-OAEP"
|
||||||
|
AlgRSAOAEP256 = "RSA-OAEP-256"
|
||||||
|
AlgA128KW = "A128KW"
|
||||||
|
AlgA192KW = "A192KW"
|
||||||
|
AlgA256KW = "A256KW"
|
||||||
|
AlgDir = "dir"
|
||||||
|
AlgECDHES = "ECDH-ES"
|
||||||
|
AlgECDHESA128KW = "ECDH-ES+A128KW"
|
||||||
|
AlgECDHESA192KW = "ECDH-ES+A192KW"
|
||||||
|
AlgECDHESA256KW = "ECDH-ES+A256KW"
|
||||||
|
AlgA128GCMKW = "A128GCMKW"
|
||||||
|
AlgA192GCMKW = "A192GCMKW"
|
||||||
|
AlgA256GCMKW = "A256GCMKW"
|
||||||
|
AlgPBES2HS256A128KW = "PBES2-HS256+A128KW"
|
||||||
|
AlgPBES2HS384A192KW = "PBES2-HS384+A192KW"
|
||||||
|
AlgPBES2HS512A256KW = "PBES2-HS512+A256KW"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
// Encryption Algorithm Header Parameter Values for JWE
|
||||||
|
// See: https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#page-22
|
||||||
|
EncA128CBCHS256 = "A128CBC-HS256"
|
||||||
|
EncA128CBCHS384 = "A128CBC-HS384"
|
||||||
|
EncA256CBCHS512 = "A256CBC-HS512"
|
||||||
|
EncA128GCM = "A128GCM"
|
||||||
|
EncA192GCM = "A192GCM"
|
||||||
|
EncA256GCM = "A256GCM"
|
||||||
|
)
|
||||||
|
|
||||||
|
type JOSEHeader map[string]string
|
||||||
|
|
||||||
|
func (j JOSEHeader) Validate() error {
|
||||||
|
if _, exists := j[HeaderKeyAlgorithm]; !exists {
|
||||||
|
return fmt.Errorf("header missing %q parameter", HeaderKeyAlgorithm)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func decodeHeader(seg string) (JOSEHeader, error) {
|
||||||
|
b, err := decodeSegment(seg)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
var h JOSEHeader
|
||||||
|
err = json.Unmarshal(b, &h)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return h, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func encodeHeader(h JOSEHeader) (string, error) {
|
||||||
|
b, err := json.Marshal(h)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
return encodeSegment(b), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Decode JWT specific base64url encoding with padding stripped
|
||||||
|
func decodeSegment(seg string) ([]byte, error) {
|
||||||
|
if l := len(seg) % 4; l != 0 {
|
||||||
|
seg += strings.Repeat("=", 4-l)
|
||||||
|
}
|
||||||
|
return base64.URLEncoding.DecodeString(seg)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Encode JWT specific base64url encoding with padding stripped
|
||||||
|
func encodeSegment(seg []byte) string {
|
||||||
|
return strings.TrimRight(base64.URLEncoding.EncodeToString(seg), "=")
|
||||||
|
}
|
135
vendor/github.com/coreos/go-oidc/jose/jwk.go
generated
vendored
Normal file
135
vendor/github.com/coreos/go-oidc/jose/jwk.go
generated
vendored
Normal file
|
@ -0,0 +1,135 @@
|
||||||
|
package jose
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"encoding/base64"
|
||||||
|
"encoding/binary"
|
||||||
|
"encoding/json"
|
||||||
|
"math/big"
|
||||||
|
"strings"
|
||||||
|
)
|
||||||
|
|
||||||
|
// JSON Web Key
|
||||||
|
// https://tools.ietf.org/html/draft-ietf-jose-json-web-key-36#page-5
|
||||||
|
type JWK struct {
|
||||||
|
ID string
|
||||||
|
Type string
|
||||||
|
Alg string
|
||||||
|
Use string
|
||||||
|
Exponent int
|
||||||
|
Modulus *big.Int
|
||||||
|
Secret []byte
|
||||||
|
}
|
||||||
|
|
||||||
|
type jwkJSON struct {
|
||||||
|
ID string `json:"kid"`
|
||||||
|
Type string `json:"kty"`
|
||||||
|
Alg string `json:"alg"`
|
||||||
|
Use string `json:"use"`
|
||||||
|
Exponent string `json:"e"`
|
||||||
|
Modulus string `json:"n"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func (j *JWK) MarshalJSON() ([]byte, error) {
|
||||||
|
t := jwkJSON{
|
||||||
|
ID: j.ID,
|
||||||
|
Type: j.Type,
|
||||||
|
Alg: j.Alg,
|
||||||
|
Use: j.Use,
|
||||||
|
Exponent: encodeExponent(j.Exponent),
|
||||||
|
Modulus: encodeModulus(j.Modulus),
|
||||||
|
}
|
||||||
|
|
||||||
|
return json.Marshal(&t)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (j *JWK) UnmarshalJSON(data []byte) error {
|
||||||
|
var t jwkJSON
|
||||||
|
err := json.Unmarshal(data, &t)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
e, err := decodeExponent(t.Exponent)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
n, err := decodeModulus(t.Modulus)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
j.ID = t.ID
|
||||||
|
j.Type = t.Type
|
||||||
|
j.Alg = t.Alg
|
||||||
|
j.Use = t.Use
|
||||||
|
j.Exponent = e
|
||||||
|
j.Modulus = n
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
type JWKSet struct {
|
||||||
|
Keys []JWK `json:"keys"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func decodeExponent(e string) (int, error) {
|
||||||
|
decE, err := decodeBase64URLPaddingOptional(e)
|
||||||
|
if err != nil {
|
||||||
|
return 0, err
|
||||||
|
}
|
||||||
|
var eBytes []byte
|
||||||
|
if len(decE) < 8 {
|
||||||
|
eBytes = make([]byte, 8-len(decE), 8)
|
||||||
|
eBytes = append(eBytes, decE...)
|
||||||
|
} else {
|
||||||
|
eBytes = decE
|
||||||
|
}
|
||||||
|
eReader := bytes.NewReader(eBytes)
|
||||||
|
var E uint64
|
||||||
|
err = binary.Read(eReader, binary.BigEndian, &E)
|
||||||
|
if err != nil {
|
||||||
|
return 0, err
|
||||||
|
}
|
||||||
|
return int(E), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func encodeExponent(e int) string {
|
||||||
|
b := make([]byte, 8)
|
||||||
|
binary.BigEndian.PutUint64(b, uint64(e))
|
||||||
|
var idx int
|
||||||
|
for ; idx < 8; idx++ {
|
||||||
|
if b[idx] != 0x0 {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return base64.URLEncoding.EncodeToString(b[idx:])
|
||||||
|
}
|
||||||
|
|
||||||
|
// Turns a URL encoded modulus of a key into a big int.
|
||||||
|
func decodeModulus(n string) (*big.Int, error) {
|
||||||
|
decN, err := decodeBase64URLPaddingOptional(n)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
N := big.NewInt(0)
|
||||||
|
N.SetBytes(decN)
|
||||||
|
return N, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func encodeModulus(n *big.Int) string {
|
||||||
|
return base64.URLEncoding.EncodeToString(n.Bytes())
|
||||||
|
}
|
||||||
|
|
||||||
|
// decodeBase64URLPaddingOptional decodes Base64 whether there is padding or not.
|
||||||
|
// The stdlib version currently doesn't handle this.
|
||||||
|
// We can get rid of this is if this bug:
|
||||||
|
// https://github.com/golang/go/issues/4237
|
||||||
|
// ever closes.
|
||||||
|
func decodeBase64URLPaddingOptional(e string) ([]byte, error) {
|
||||||
|
if m := len(e) % 4; m != 0 {
|
||||||
|
e += strings.Repeat("=", 4-m)
|
||||||
|
}
|
||||||
|
return base64.URLEncoding.DecodeString(e)
|
||||||
|
}
|
51
vendor/github.com/coreos/go-oidc/jose/jws.go
generated
vendored
Normal file
51
vendor/github.com/coreos/go-oidc/jose/jws.go
generated
vendored
Normal file
|
@ -0,0 +1,51 @@
|
||||||
|
package jose
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"strings"
|
||||||
|
)
|
||||||
|
|
||||||
|
type JWS struct {
|
||||||
|
RawHeader string
|
||||||
|
Header JOSEHeader
|
||||||
|
RawPayload string
|
||||||
|
Payload []byte
|
||||||
|
Signature []byte
|
||||||
|
}
|
||||||
|
|
||||||
|
// Given a raw encoded JWS token parses it and verifies the structure.
|
||||||
|
func ParseJWS(raw string) (JWS, error) {
|
||||||
|
parts := strings.Split(raw, ".")
|
||||||
|
if len(parts) != 3 {
|
||||||
|
return JWS{}, fmt.Errorf("malformed JWS, only %d segments", len(parts))
|
||||||
|
}
|
||||||
|
|
||||||
|
rawSig := parts[2]
|
||||||
|
jws := JWS{
|
||||||
|
RawHeader: parts[0],
|
||||||
|
RawPayload: parts[1],
|
||||||
|
}
|
||||||
|
|
||||||
|
header, err := decodeHeader(jws.RawHeader)
|
||||||
|
if err != nil {
|
||||||
|
return JWS{}, fmt.Errorf("malformed JWS, unable to decode header, %s", err)
|
||||||
|
}
|
||||||
|
if err = header.Validate(); err != nil {
|
||||||
|
return JWS{}, fmt.Errorf("malformed JWS, %s", err)
|
||||||
|
}
|
||||||
|
jws.Header = header
|
||||||
|
|
||||||
|
payload, err := decodeSegment(jws.RawPayload)
|
||||||
|
if err != nil {
|
||||||
|
return JWS{}, fmt.Errorf("malformed JWS, unable to decode payload: %s", err)
|
||||||
|
}
|
||||||
|
jws.Payload = payload
|
||||||
|
|
||||||
|
sig, err := decodeSegment(rawSig)
|
||||||
|
if err != nil {
|
||||||
|
return JWS{}, fmt.Errorf("malformed JWS, unable to decode signature: %s", err)
|
||||||
|
}
|
||||||
|
jws.Signature = sig
|
||||||
|
|
||||||
|
return jws, nil
|
||||||
|
}
|
82
vendor/github.com/coreos/go-oidc/jose/jwt.go
generated
vendored
Normal file
82
vendor/github.com/coreos/go-oidc/jose/jwt.go
generated
vendored
Normal file
|
@ -0,0 +1,82 @@
|
||||||
|
package jose
|
||||||
|
|
||||||
|
import "strings"
|
||||||
|
|
||||||
|
type JWT JWS
|
||||||
|
|
||||||
|
func ParseJWT(token string) (jwt JWT, err error) {
|
||||||
|
jws, err := ParseJWS(token)
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
return JWT(jws), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewJWT(header JOSEHeader, claims Claims) (jwt JWT, err error) {
|
||||||
|
jwt = JWT{}
|
||||||
|
|
||||||
|
jwt.Header = header
|
||||||
|
jwt.Header[HeaderMediaType] = "JWT"
|
||||||
|
|
||||||
|
claimBytes, err := marshalClaims(claims)
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
jwt.Payload = claimBytes
|
||||||
|
|
||||||
|
eh, err := encodeHeader(header)
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
jwt.RawHeader = eh
|
||||||
|
|
||||||
|
ec, err := encodeClaims(claims)
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
jwt.RawPayload = ec
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
func (j *JWT) KeyID() (string, bool) {
|
||||||
|
kID, ok := j.Header[HeaderKeyID]
|
||||||
|
return kID, ok
|
||||||
|
}
|
||||||
|
|
||||||
|
func (j *JWT) Claims() (Claims, error) {
|
||||||
|
return decodeClaims(j.Payload)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Encoded data part of the token which may be signed.
|
||||||
|
func (j *JWT) Data() string {
|
||||||
|
return strings.Join([]string{j.RawHeader, j.RawPayload}, ".")
|
||||||
|
}
|
||||||
|
|
||||||
|
// Full encoded JWT token string in format: header.claims.signature
|
||||||
|
func (j *JWT) Encode() string {
|
||||||
|
d := j.Data()
|
||||||
|
s := encodeSegment(j.Signature)
|
||||||
|
return strings.Join([]string{d, s}, ".")
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewSignedJWT(claims Claims, s Signer) (*JWT, error) {
|
||||||
|
header := JOSEHeader{
|
||||||
|
HeaderKeyAlgorithm: s.Alg(),
|
||||||
|
HeaderKeyID: s.ID(),
|
||||||
|
}
|
||||||
|
|
||||||
|
jwt, err := NewJWT(header, claims)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
sig, err := s.Sign([]byte(jwt.Data()))
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
jwt.Signature = sig
|
||||||
|
|
||||||
|
return &jwt, nil
|
||||||
|
}
|
24
vendor/github.com/coreos/go-oidc/jose/sig.go
generated
vendored
Executable file
24
vendor/github.com/coreos/go-oidc/jose/sig.go
generated
vendored
Executable file
|
@ -0,0 +1,24 @@
|
||||||
|
package jose
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
)
|
||||||
|
|
||||||
|
type Verifier interface {
|
||||||
|
ID() string
|
||||||
|
Alg() string
|
||||||
|
Verify(sig []byte, data []byte) error
|
||||||
|
}
|
||||||
|
|
||||||
|
type Signer interface {
|
||||||
|
Verifier
|
||||||
|
Sign(data []byte) (sig []byte, err error)
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewVerifier(jwk JWK) (Verifier, error) {
|
||||||
|
if jwk.Type != "RSA" {
|
||||||
|
return nil, fmt.Errorf("unsupported key type %q", jwk.Type)
|
||||||
|
}
|
||||||
|
|
||||||
|
return NewVerifierRSA(jwk)
|
||||||
|
}
|
67
vendor/github.com/coreos/go-oidc/jose/sig_hmac.go
generated
vendored
Executable file
67
vendor/github.com/coreos/go-oidc/jose/sig_hmac.go
generated
vendored
Executable file
|
@ -0,0 +1,67 @@
|
||||||
|
package jose
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"crypto"
|
||||||
|
"crypto/hmac"
|
||||||
|
_ "crypto/sha256"
|
||||||
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
)
|
||||||
|
|
||||||
|
type VerifierHMAC struct {
|
||||||
|
KeyID string
|
||||||
|
Hash crypto.Hash
|
||||||
|
Secret []byte
|
||||||
|
}
|
||||||
|
|
||||||
|
type SignerHMAC struct {
|
||||||
|
VerifierHMAC
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewVerifierHMAC(jwk JWK) (*VerifierHMAC, error) {
|
||||||
|
if jwk.Alg != "" && jwk.Alg != "HS256" {
|
||||||
|
return nil, fmt.Errorf("unsupported key algorithm %q", jwk.Alg)
|
||||||
|
}
|
||||||
|
|
||||||
|
v := VerifierHMAC{
|
||||||
|
KeyID: jwk.ID,
|
||||||
|
Secret: jwk.Secret,
|
||||||
|
Hash: crypto.SHA256,
|
||||||
|
}
|
||||||
|
|
||||||
|
return &v, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (v *VerifierHMAC) ID() string {
|
||||||
|
return v.KeyID
|
||||||
|
}
|
||||||
|
|
||||||
|
func (v *VerifierHMAC) Alg() string {
|
||||||
|
return "HS256"
|
||||||
|
}
|
||||||
|
|
||||||
|
func (v *VerifierHMAC) Verify(sig []byte, data []byte) error {
|
||||||
|
h := hmac.New(v.Hash.New, v.Secret)
|
||||||
|
h.Write(data)
|
||||||
|
if !bytes.Equal(sig, h.Sum(nil)) {
|
||||||
|
return errors.New("invalid hmac signature")
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewSignerHMAC(kid string, secret []byte) *SignerHMAC {
|
||||||
|
return &SignerHMAC{
|
||||||
|
VerifierHMAC: VerifierHMAC{
|
||||||
|
KeyID: kid,
|
||||||
|
Secret: secret,
|
||||||
|
Hash: crypto.SHA256,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *SignerHMAC) Sign(data []byte) ([]byte, error) {
|
||||||
|
h := hmac.New(s.Hash.New, s.Secret)
|
||||||
|
h.Write(data)
|
||||||
|
return h.Sum(nil), nil
|
||||||
|
}
|
67
vendor/github.com/coreos/go-oidc/jose/sig_rsa.go
generated
vendored
Executable file
67
vendor/github.com/coreos/go-oidc/jose/sig_rsa.go
generated
vendored
Executable file
|
@ -0,0 +1,67 @@
|
||||||
|
package jose
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto"
|
||||||
|
"crypto/rand"
|
||||||
|
"crypto/rsa"
|
||||||
|
"fmt"
|
||||||
|
)
|
||||||
|
|
||||||
|
type VerifierRSA struct {
|
||||||
|
KeyID string
|
||||||
|
Hash crypto.Hash
|
||||||
|
PublicKey rsa.PublicKey
|
||||||
|
}
|
||||||
|
|
||||||
|
type SignerRSA struct {
|
||||||
|
PrivateKey rsa.PrivateKey
|
||||||
|
VerifierRSA
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewVerifierRSA(jwk JWK) (*VerifierRSA, error) {
|
||||||
|
if jwk.Alg != "" && jwk.Alg != "RS256" {
|
||||||
|
return nil, fmt.Errorf("unsupported key algorithm %q", jwk.Alg)
|
||||||
|
}
|
||||||
|
|
||||||
|
v := VerifierRSA{
|
||||||
|
KeyID: jwk.ID,
|
||||||
|
PublicKey: rsa.PublicKey{
|
||||||
|
N: jwk.Modulus,
|
||||||
|
E: jwk.Exponent,
|
||||||
|
},
|
||||||
|
Hash: crypto.SHA256,
|
||||||
|
}
|
||||||
|
|
||||||
|
return &v, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewSignerRSA(kid string, key rsa.PrivateKey) *SignerRSA {
|
||||||
|
return &SignerRSA{
|
||||||
|
PrivateKey: key,
|
||||||
|
VerifierRSA: VerifierRSA{
|
||||||
|
KeyID: kid,
|
||||||
|
PublicKey: key.PublicKey,
|
||||||
|
Hash: crypto.SHA256,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (v *VerifierRSA) ID() string {
|
||||||
|
return v.KeyID
|
||||||
|
}
|
||||||
|
|
||||||
|
func (v *VerifierRSA) Alg() string {
|
||||||
|
return "RS256"
|
||||||
|
}
|
||||||
|
|
||||||
|
func (v *VerifierRSA) Verify(sig []byte, data []byte) error {
|
||||||
|
h := v.Hash.New()
|
||||||
|
h.Write(data)
|
||||||
|
return rsa.VerifyPKCS1v15(&v.PublicKey, v.Hash, h.Sum(nil), sig)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *SignerRSA) Sign(data []byte) ([]byte, error) {
|
||||||
|
h := s.Hash.New()
|
||||||
|
h.Write(data)
|
||||||
|
return rsa.SignPKCS1v15(rand.Reader, &s.PrivateKey, s.Hash, h.Sum(nil))
|
||||||
|
}
|
153
vendor/github.com/coreos/go-oidc/key/key.go
generated
vendored
Normal file
153
vendor/github.com/coreos/go-oidc/key/key.go
generated
vendored
Normal file
|
@ -0,0 +1,153 @@
|
||||||
|
package key
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto/rand"
|
||||||
|
"crypto/rsa"
|
||||||
|
"encoding/hex"
|
||||||
|
"encoding/json"
|
||||||
|
"io"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/coreos/go-oidc/jose"
|
||||||
|
)
|
||||||
|
|
||||||
|
func NewPublicKey(jwk jose.JWK) *PublicKey {
|
||||||
|
return &PublicKey{jwk: jwk}
|
||||||
|
}
|
||||||
|
|
||||||
|
type PublicKey struct {
|
||||||
|
jwk jose.JWK
|
||||||
|
}
|
||||||
|
|
||||||
|
func (k *PublicKey) MarshalJSON() ([]byte, error) {
|
||||||
|
return json.Marshal(&k.jwk)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (k *PublicKey) UnmarshalJSON(data []byte) error {
|
||||||
|
var jwk jose.JWK
|
||||||
|
if err := json.Unmarshal(data, &jwk); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
k.jwk = jwk
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (k *PublicKey) ID() string {
|
||||||
|
return k.jwk.ID
|
||||||
|
}
|
||||||
|
|
||||||
|
func (k *PublicKey) Verifier() (jose.Verifier, error) {
|
||||||
|
return jose.NewVerifierRSA(k.jwk)
|
||||||
|
}
|
||||||
|
|
||||||
|
type PrivateKey struct {
|
||||||
|
KeyID string
|
||||||
|
PrivateKey *rsa.PrivateKey
|
||||||
|
}
|
||||||
|
|
||||||
|
func (k *PrivateKey) ID() string {
|
||||||
|
return k.KeyID
|
||||||
|
}
|
||||||
|
|
||||||
|
func (k *PrivateKey) Signer() jose.Signer {
|
||||||
|
return jose.NewSignerRSA(k.ID(), *k.PrivateKey)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (k *PrivateKey) JWK() jose.JWK {
|
||||||
|
return jose.JWK{
|
||||||
|
ID: k.KeyID,
|
||||||
|
Type: "RSA",
|
||||||
|
Alg: "RS256",
|
||||||
|
Use: "sig",
|
||||||
|
Exponent: k.PrivateKey.PublicKey.E,
|
||||||
|
Modulus: k.PrivateKey.PublicKey.N,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
type KeySet interface {
|
||||||
|
ExpiresAt() time.Time
|
||||||
|
}
|
||||||
|
|
||||||
|
type PublicKeySet struct {
|
||||||
|
keys []PublicKey
|
||||||
|
index map[string]*PublicKey
|
||||||
|
expiresAt time.Time
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewPublicKeySet(jwks []jose.JWK, exp time.Time) *PublicKeySet {
|
||||||
|
keys := make([]PublicKey, len(jwks))
|
||||||
|
index := make(map[string]*PublicKey)
|
||||||
|
for i, jwk := range jwks {
|
||||||
|
keys[i] = *NewPublicKey(jwk)
|
||||||
|
index[keys[i].ID()] = &keys[i]
|
||||||
|
}
|
||||||
|
return &PublicKeySet{
|
||||||
|
keys: keys,
|
||||||
|
index: index,
|
||||||
|
expiresAt: exp,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *PublicKeySet) ExpiresAt() time.Time {
|
||||||
|
return s.expiresAt
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *PublicKeySet) Keys() []PublicKey {
|
||||||
|
return s.keys
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *PublicKeySet) Key(id string) *PublicKey {
|
||||||
|
return s.index[id]
|
||||||
|
}
|
||||||
|
|
||||||
|
type PrivateKeySet struct {
|
||||||
|
keys []*PrivateKey
|
||||||
|
ActiveKeyID string
|
||||||
|
expiresAt time.Time
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewPrivateKeySet(keys []*PrivateKey, exp time.Time) *PrivateKeySet {
|
||||||
|
return &PrivateKeySet{
|
||||||
|
keys: keys,
|
||||||
|
ActiveKeyID: keys[0].ID(),
|
||||||
|
expiresAt: exp.UTC(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *PrivateKeySet) Keys() []*PrivateKey {
|
||||||
|
return s.keys
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *PrivateKeySet) ExpiresAt() time.Time {
|
||||||
|
return s.expiresAt
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *PrivateKeySet) Active() *PrivateKey {
|
||||||
|
for i, k := range s.keys {
|
||||||
|
if k.ID() == s.ActiveKeyID {
|
||||||
|
return s.keys[i]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
type GeneratePrivateKeyFunc func() (*PrivateKey, error)
|
||||||
|
|
||||||
|
func GeneratePrivateKey() (*PrivateKey, error) {
|
||||||
|
pk, err := rsa.GenerateKey(rand.Reader, 2048)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
keyID := make([]byte, 20)
|
||||||
|
if _, err := io.ReadFull(rand.Reader, keyID); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
k := PrivateKey{
|
||||||
|
KeyID: hex.EncodeToString(keyID),
|
||||||
|
PrivateKey: pk,
|
||||||
|
}
|
||||||
|
|
||||||
|
return &k, nil
|
||||||
|
}
|
99
vendor/github.com/coreos/go-oidc/key/manager.go
generated
vendored
Normal file
99
vendor/github.com/coreos/go-oidc/key/manager.go
generated
vendored
Normal file
|
@ -0,0 +1,99 @@
|
||||||
|
package key
|
||||||
|
|
||||||
|
import (
|
||||||
|
"errors"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/jonboulle/clockwork"
|
||||||
|
|
||||||
|
"github.com/coreos/go-oidc/jose"
|
||||||
|
"github.com/coreos/pkg/health"
|
||||||
|
)
|
||||||
|
|
||||||
|
type PrivateKeyManager interface {
|
||||||
|
ExpiresAt() time.Time
|
||||||
|
Signer() (jose.Signer, error)
|
||||||
|
JWKs() ([]jose.JWK, error)
|
||||||
|
PublicKeys() ([]PublicKey, error)
|
||||||
|
|
||||||
|
WritableKeySetRepo
|
||||||
|
health.Checkable
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewPrivateKeyManager() PrivateKeyManager {
|
||||||
|
return &privateKeyManager{
|
||||||
|
clock: clockwork.NewRealClock(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
type privateKeyManager struct {
|
||||||
|
keySet *PrivateKeySet
|
||||||
|
clock clockwork.Clock
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *privateKeyManager) ExpiresAt() time.Time {
|
||||||
|
if m.keySet == nil {
|
||||||
|
return m.clock.Now().UTC()
|
||||||
|
}
|
||||||
|
|
||||||
|
return m.keySet.ExpiresAt()
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *privateKeyManager) Signer() (jose.Signer, error) {
|
||||||
|
if err := m.Healthy(); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return m.keySet.Active().Signer(), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *privateKeyManager) JWKs() ([]jose.JWK, error) {
|
||||||
|
if err := m.Healthy(); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
keys := m.keySet.Keys()
|
||||||
|
jwks := make([]jose.JWK, len(keys))
|
||||||
|
for i, k := range keys {
|
||||||
|
jwks[i] = k.JWK()
|
||||||
|
}
|
||||||
|
return jwks, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *privateKeyManager) PublicKeys() ([]PublicKey, error) {
|
||||||
|
jwks, err := m.JWKs()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
keys := make([]PublicKey, len(jwks))
|
||||||
|
for i, jwk := range jwks {
|
||||||
|
keys[i] = *NewPublicKey(jwk)
|
||||||
|
}
|
||||||
|
return keys, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *privateKeyManager) Healthy() error {
|
||||||
|
if m.keySet == nil {
|
||||||
|
return errors.New("private key manager uninitialized")
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(m.keySet.Keys()) == 0 {
|
||||||
|
return errors.New("private key manager zero keys")
|
||||||
|
}
|
||||||
|
|
||||||
|
if m.keySet.ExpiresAt().Before(m.clock.Now().UTC()) {
|
||||||
|
return errors.New("private key manager keys expired")
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *privateKeyManager) Set(keySet KeySet) error {
|
||||||
|
privKeySet, ok := keySet.(*PrivateKeySet)
|
||||||
|
if !ok {
|
||||||
|
return errors.New("unable to cast to PrivateKeySet")
|
||||||
|
}
|
||||||
|
|
||||||
|
m.keySet = privKeySet
|
||||||
|
return nil
|
||||||
|
}
|
55
vendor/github.com/coreos/go-oidc/key/repo.go
generated
vendored
Normal file
55
vendor/github.com/coreos/go-oidc/key/repo.go
generated
vendored
Normal file
|
@ -0,0 +1,55 @@
|
||||||
|
package key
|
||||||
|
|
||||||
|
import (
|
||||||
|
"errors"
|
||||||
|
"sync"
|
||||||
|
)
|
||||||
|
|
||||||
|
var ErrorNoKeys = errors.New("no keys found")
|
||||||
|
|
||||||
|
type WritableKeySetRepo interface {
|
||||||
|
Set(KeySet) error
|
||||||
|
}
|
||||||
|
|
||||||
|
type ReadableKeySetRepo interface {
|
||||||
|
Get() (KeySet, error)
|
||||||
|
}
|
||||||
|
|
||||||
|
type PrivateKeySetRepo interface {
|
||||||
|
WritableKeySetRepo
|
||||||
|
ReadableKeySetRepo
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewPrivateKeySetRepo() PrivateKeySetRepo {
|
||||||
|
return &memPrivateKeySetRepo{}
|
||||||
|
}
|
||||||
|
|
||||||
|
type memPrivateKeySetRepo struct {
|
||||||
|
mu sync.RWMutex
|
||||||
|
pks PrivateKeySet
|
||||||
|
}
|
||||||
|
|
||||||
|
func (r *memPrivateKeySetRepo) Set(ks KeySet) error {
|
||||||
|
pks, ok := ks.(*PrivateKeySet)
|
||||||
|
if !ok {
|
||||||
|
return errors.New("unable to cast to PrivateKeySet")
|
||||||
|
} else if pks == nil {
|
||||||
|
return errors.New("nil KeySet")
|
||||||
|
}
|
||||||
|
|
||||||
|
r.mu.Lock()
|
||||||
|
defer r.mu.Unlock()
|
||||||
|
|
||||||
|
r.pks = *pks
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (r *memPrivateKeySetRepo) Get() (KeySet, error) {
|
||||||
|
r.mu.RLock()
|
||||||
|
defer r.mu.RUnlock()
|
||||||
|
|
||||||
|
if r.pks.keys == nil {
|
||||||
|
return nil, ErrorNoKeys
|
||||||
|
}
|
||||||
|
return KeySet(&r.pks), nil
|
||||||
|
}
|
159
vendor/github.com/coreos/go-oidc/key/rotate.go
generated
vendored
Normal file
159
vendor/github.com/coreos/go-oidc/key/rotate.go
generated
vendored
Normal file
|
@ -0,0 +1,159 @@
|
||||||
|
package key
|
||||||
|
|
||||||
|
import (
|
||||||
|
"errors"
|
||||||
|
"log"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
ptime "github.com/coreos/pkg/timeutil"
|
||||||
|
"github.com/jonboulle/clockwork"
|
||||||
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
ErrorPrivateKeysExpired = errors.New("private keys have expired")
|
||||||
|
)
|
||||||
|
|
||||||
|
func NewPrivateKeyRotator(repo PrivateKeySetRepo, ttl time.Duration) *PrivateKeyRotator {
|
||||||
|
return &PrivateKeyRotator{
|
||||||
|
repo: repo,
|
||||||
|
ttl: ttl,
|
||||||
|
|
||||||
|
keep: 2,
|
||||||
|
generateKey: GeneratePrivateKey,
|
||||||
|
clock: clockwork.NewRealClock(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
type PrivateKeyRotator struct {
|
||||||
|
repo PrivateKeySetRepo
|
||||||
|
generateKey GeneratePrivateKeyFunc
|
||||||
|
clock clockwork.Clock
|
||||||
|
keep int
|
||||||
|
ttl time.Duration
|
||||||
|
}
|
||||||
|
|
||||||
|
func (r *PrivateKeyRotator) expiresAt() time.Time {
|
||||||
|
return r.clock.Now().UTC().Add(r.ttl)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (r *PrivateKeyRotator) Healthy() error {
|
||||||
|
pks, err := r.privateKeySet()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if r.clock.Now().After(pks.ExpiresAt()) {
|
||||||
|
return ErrorPrivateKeysExpired
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (r *PrivateKeyRotator) privateKeySet() (*PrivateKeySet, error) {
|
||||||
|
ks, err := r.repo.Get()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
pks, ok := ks.(*PrivateKeySet)
|
||||||
|
if !ok {
|
||||||
|
return nil, errors.New("unable to cast to PrivateKeySet")
|
||||||
|
}
|
||||||
|
return pks, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (r *PrivateKeyRotator) nextRotation() (time.Duration, error) {
|
||||||
|
pks, err := r.privateKeySet()
|
||||||
|
if err == ErrorNoKeys {
|
||||||
|
return 0, nil
|
||||||
|
}
|
||||||
|
if err != nil {
|
||||||
|
return 0, err
|
||||||
|
}
|
||||||
|
|
||||||
|
now := r.clock.Now()
|
||||||
|
|
||||||
|
// Ideally, we want to rotate after half the TTL has elapsed.
|
||||||
|
idealRotationTime := pks.ExpiresAt().Add(-r.ttl / 2)
|
||||||
|
|
||||||
|
// If we are past the ideal rotation time, rotate immediatly.
|
||||||
|
return max(0, idealRotationTime.Sub(now)), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func max(a, b time.Duration) time.Duration {
|
||||||
|
if a > b {
|
||||||
|
return a
|
||||||
|
}
|
||||||
|
return b
|
||||||
|
}
|
||||||
|
|
||||||
|
func (r *PrivateKeyRotator) Run() chan struct{} {
|
||||||
|
attempt := func() {
|
||||||
|
k, err := r.generateKey()
|
||||||
|
if err != nil {
|
||||||
|
log.Printf("go-oidc: failed generating signing key: %v", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
exp := r.expiresAt()
|
||||||
|
if err := rotatePrivateKeys(r.repo, k, r.keep, exp); err != nil {
|
||||||
|
log.Printf("go-oidc: key rotation failed: %v", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
stop := make(chan struct{})
|
||||||
|
go func() {
|
||||||
|
for {
|
||||||
|
var nextRotation time.Duration
|
||||||
|
var sleep time.Duration
|
||||||
|
var err error
|
||||||
|
for {
|
||||||
|
if nextRotation, err = r.nextRotation(); err == nil {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
sleep = ptime.ExpBackoff(sleep, time.Minute)
|
||||||
|
log.Printf("go-oidc: error getting nextRotation, retrying in %v: %v", sleep, err)
|
||||||
|
time.Sleep(sleep)
|
||||||
|
}
|
||||||
|
|
||||||
|
select {
|
||||||
|
case <-r.clock.After(nextRotation):
|
||||||
|
attempt()
|
||||||
|
case <-stop:
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
|
||||||
|
return stop
|
||||||
|
}
|
||||||
|
|
||||||
|
func rotatePrivateKeys(repo PrivateKeySetRepo, k *PrivateKey, keep int, exp time.Time) error {
|
||||||
|
ks, err := repo.Get()
|
||||||
|
if err != nil && err != ErrorNoKeys {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
var keys []*PrivateKey
|
||||||
|
if ks != nil {
|
||||||
|
pks, ok := ks.(*PrivateKeySet)
|
||||||
|
if !ok {
|
||||||
|
return errors.New("unable to cast to PrivateKeySet")
|
||||||
|
}
|
||||||
|
keys = pks.Keys()
|
||||||
|
}
|
||||||
|
|
||||||
|
keys = append([]*PrivateKey{k}, keys...)
|
||||||
|
if l := len(keys); l > keep {
|
||||||
|
keys = keys[0:keep]
|
||||||
|
}
|
||||||
|
|
||||||
|
nks := PrivateKeySet{
|
||||||
|
keys: keys,
|
||||||
|
ActiveKeyID: k.ID(),
|
||||||
|
expiresAt: exp,
|
||||||
|
}
|
||||||
|
|
||||||
|
return repo.Set(KeySet(&nks))
|
||||||
|
}
|
91
vendor/github.com/coreos/go-oidc/key/sync.go
generated
vendored
Normal file
91
vendor/github.com/coreos/go-oidc/key/sync.go
generated
vendored
Normal file
|
@ -0,0 +1,91 @@
|
||||||
|
package key
|
||||||
|
|
||||||
|
import (
|
||||||
|
"errors"
|
||||||
|
"log"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/jonboulle/clockwork"
|
||||||
|
|
||||||
|
"github.com/coreos/pkg/timeutil"
|
||||||
|
)
|
||||||
|
|
||||||
|
func NewKeySetSyncer(r ReadableKeySetRepo, w WritableKeySetRepo) *KeySetSyncer {
|
||||||
|
return &KeySetSyncer{
|
||||||
|
readable: r,
|
||||||
|
writable: w,
|
||||||
|
clock: clockwork.NewRealClock(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
type KeySetSyncer struct {
|
||||||
|
readable ReadableKeySetRepo
|
||||||
|
writable WritableKeySetRepo
|
||||||
|
clock clockwork.Clock
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *KeySetSyncer) Run() chan struct{} {
|
||||||
|
stop := make(chan struct{})
|
||||||
|
go func() {
|
||||||
|
var failing bool
|
||||||
|
var next time.Duration
|
||||||
|
for {
|
||||||
|
exp, err := syncKeySet(s.readable, s.writable, s.clock)
|
||||||
|
if err != nil || exp == 0 {
|
||||||
|
if !failing {
|
||||||
|
failing = true
|
||||||
|
next = time.Second
|
||||||
|
} else {
|
||||||
|
next = timeutil.ExpBackoff(next, time.Minute)
|
||||||
|
}
|
||||||
|
if exp == 0 {
|
||||||
|
log.Printf("Synced to already expired key set, retrying in %v: %v", next, err)
|
||||||
|
|
||||||
|
} else {
|
||||||
|
log.Printf("Failed syncing key set, retrying in %v: %v", next, err)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
failing = false
|
||||||
|
next = exp / 2
|
||||||
|
}
|
||||||
|
|
||||||
|
select {
|
||||||
|
case <-s.clock.After(next):
|
||||||
|
continue
|
||||||
|
case <-stop:
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
|
||||||
|
return stop
|
||||||
|
}
|
||||||
|
|
||||||
|
func Sync(r ReadableKeySetRepo, w WritableKeySetRepo) (time.Duration, error) {
|
||||||
|
return syncKeySet(r, w, clockwork.NewRealClock())
|
||||||
|
}
|
||||||
|
|
||||||
|
// syncKeySet copies the keyset from r to the KeySet at w and returns the duration in which the KeySet will expire.
|
||||||
|
// If keyset has already expired, returns a zero duration.
|
||||||
|
func syncKeySet(r ReadableKeySetRepo, w WritableKeySetRepo, clock clockwork.Clock) (exp time.Duration, err error) {
|
||||||
|
var ks KeySet
|
||||||
|
ks, err = r.Get()
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if ks == nil {
|
||||||
|
err = errors.New("no source KeySet")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if err = w.Set(ks); err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
now := clock.Now()
|
||||||
|
if ks.ExpiresAt().After(now) {
|
||||||
|
exp = ks.ExpiresAt().Sub(now)
|
||||||
|
}
|
||||||
|
return
|
||||||
|
}
|
29
vendor/github.com/coreos/go-oidc/oauth2/error.go
generated
vendored
Normal file
29
vendor/github.com/coreos/go-oidc/oauth2/error.go
generated
vendored
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
package oauth2
|
||||||
|
|
||||||
|
const (
|
||||||
|
ErrorAccessDenied = "access_denied"
|
||||||
|
ErrorInvalidClient = "invalid_client"
|
||||||
|
ErrorInvalidGrant = "invalid_grant"
|
||||||
|
ErrorInvalidRequest = "invalid_request"
|
||||||
|
ErrorServerError = "server_error"
|
||||||
|
ErrorUnauthorizedClient = "unauthorized_client"
|
||||||
|
ErrorUnsupportedGrantType = "unsupported_grant_type"
|
||||||
|
ErrorUnsupportedResponseType = "unsupported_response_type"
|
||||||
|
)
|
||||||
|
|
||||||
|
type Error struct {
|
||||||
|
Type string `json:"error"`
|
||||||
|
Description string `json:"error_description,omitempty"`
|
||||||
|
State string `json:"state,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func (e *Error) Error() string {
|
||||||
|
if e.Description != "" {
|
||||||
|
return e.Type + ": " + e.Description
|
||||||
|
}
|
||||||
|
return e.Type
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewError(typ string) *Error {
|
||||||
|
return &Error{Type: typ}
|
||||||
|
}
|
416
vendor/github.com/coreos/go-oidc/oauth2/oauth2.go
generated
vendored
Normal file
416
vendor/github.com/coreos/go-oidc/oauth2/oauth2.go
generated
vendored
Normal file
|
@ -0,0 +1,416 @@
|
||||||
|
package oauth2
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
"io/ioutil"
|
||||||
|
"mime"
|
||||||
|
"net/http"
|
||||||
|
"net/url"
|
||||||
|
"sort"
|
||||||
|
"strconv"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
phttp "github.com/coreos/go-oidc/http"
|
||||||
|
)
|
||||||
|
|
||||||
|
// ResponseTypesEqual compares two response_type values. If either
|
||||||
|
// contains a space, it is treated as an unordered list. For example,
|
||||||
|
// comparing "code id_token" and "id_token code" would evaluate to true.
|
||||||
|
func ResponseTypesEqual(r1, r2 string) bool {
|
||||||
|
if !strings.Contains(r1, " ") || !strings.Contains(r2, " ") {
|
||||||
|
// fast route, no split needed
|
||||||
|
return r1 == r2
|
||||||
|
}
|
||||||
|
|
||||||
|
// split, sort, and compare
|
||||||
|
r1Fields := strings.Fields(r1)
|
||||||
|
r2Fields := strings.Fields(r2)
|
||||||
|
if len(r1Fields) != len(r2Fields) {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
sort.Strings(r1Fields)
|
||||||
|
sort.Strings(r2Fields)
|
||||||
|
for i, r1Field := range r1Fields {
|
||||||
|
if r1Field != r2Fields[i] {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
|
const (
|
||||||
|
// OAuth2.0 response types registered by OIDC.
|
||||||
|
//
|
||||||
|
// See: https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#RegistryContents
|
||||||
|
ResponseTypeCode = "code"
|
||||||
|
ResponseTypeCodeIDToken = "code id_token"
|
||||||
|
ResponseTypeCodeIDTokenToken = "code id_token token"
|
||||||
|
ResponseTypeIDToken = "id_token"
|
||||||
|
ResponseTypeIDTokenToken = "id_token token"
|
||||||
|
ResponseTypeToken = "token"
|
||||||
|
ResponseTypeNone = "none"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
GrantTypeAuthCode = "authorization_code"
|
||||||
|
GrantTypeClientCreds = "client_credentials"
|
||||||
|
GrantTypeUserCreds = "password"
|
||||||
|
GrantTypeImplicit = "implicit"
|
||||||
|
GrantTypeRefreshToken = "refresh_token"
|
||||||
|
|
||||||
|
AuthMethodClientSecretPost = "client_secret_post"
|
||||||
|
AuthMethodClientSecretBasic = "client_secret_basic"
|
||||||
|
AuthMethodClientSecretJWT = "client_secret_jwt"
|
||||||
|
AuthMethodPrivateKeyJWT = "private_key_jwt"
|
||||||
|
)
|
||||||
|
|
||||||
|
type Config struct {
|
||||||
|
Credentials ClientCredentials
|
||||||
|
Scope []string
|
||||||
|
RedirectURL string
|
||||||
|
AuthURL string
|
||||||
|
TokenURL string
|
||||||
|
|
||||||
|
// Must be one of the AuthMethodXXX methods above. Right now, only
|
||||||
|
// AuthMethodClientSecretPost and AuthMethodClientSecretBasic are supported.
|
||||||
|
AuthMethod string
|
||||||
|
}
|
||||||
|
|
||||||
|
type Client struct {
|
||||||
|
hc phttp.Client
|
||||||
|
creds ClientCredentials
|
||||||
|
scope []string
|
||||||
|
authURL *url.URL
|
||||||
|
redirectURL *url.URL
|
||||||
|
tokenURL *url.URL
|
||||||
|
authMethod string
|
||||||
|
}
|
||||||
|
|
||||||
|
type ClientCredentials struct {
|
||||||
|
ID string
|
||||||
|
Secret string
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewClient(hc phttp.Client, cfg Config) (c *Client, err error) {
|
||||||
|
if len(cfg.Credentials.ID) == 0 {
|
||||||
|
err = errors.New("missing client id")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(cfg.Credentials.Secret) == 0 {
|
||||||
|
err = errors.New("missing client secret")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if cfg.AuthMethod == "" {
|
||||||
|
cfg.AuthMethod = AuthMethodClientSecretBasic
|
||||||
|
} else if cfg.AuthMethod != AuthMethodClientSecretPost && cfg.AuthMethod != AuthMethodClientSecretBasic {
|
||||||
|
err = fmt.Errorf("auth method %q is not supported", cfg.AuthMethod)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
au, err := phttp.ParseNonEmptyURL(cfg.AuthURL)
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
tu, err := phttp.ParseNonEmptyURL(cfg.TokenURL)
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Allow empty redirect URL in the case where the client
|
||||||
|
// only needs to verify a given token.
|
||||||
|
ru, err := url.Parse(cfg.RedirectURL)
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
c = &Client{
|
||||||
|
creds: cfg.Credentials,
|
||||||
|
scope: cfg.Scope,
|
||||||
|
redirectURL: ru,
|
||||||
|
authURL: au,
|
||||||
|
tokenURL: tu,
|
||||||
|
hc: hc,
|
||||||
|
authMethod: cfg.AuthMethod,
|
||||||
|
}
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Return the embedded HTTP client
|
||||||
|
func (c *Client) HttpClient() phttp.Client {
|
||||||
|
return c.hc
|
||||||
|
}
|
||||||
|
|
||||||
|
// Generate the url for initial redirect to oauth provider.
|
||||||
|
func (c *Client) AuthCodeURL(state, accessType, prompt string) string {
|
||||||
|
v := c.commonURLValues()
|
||||||
|
v.Set("state", state)
|
||||||
|
if strings.ToLower(accessType) == "offline" {
|
||||||
|
v.Set("access_type", "offline")
|
||||||
|
}
|
||||||
|
|
||||||
|
if prompt != "" {
|
||||||
|
v.Set("prompt", prompt)
|
||||||
|
}
|
||||||
|
v.Set("response_type", "code")
|
||||||
|
|
||||||
|
q := v.Encode()
|
||||||
|
u := *c.authURL
|
||||||
|
if u.RawQuery == "" {
|
||||||
|
u.RawQuery = q
|
||||||
|
} else {
|
||||||
|
u.RawQuery += "&" + q
|
||||||
|
}
|
||||||
|
return u.String()
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Client) commonURLValues() url.Values {
|
||||||
|
return url.Values{
|
||||||
|
"redirect_uri": {c.redirectURL.String()},
|
||||||
|
"scope": {strings.Join(c.scope, " ")},
|
||||||
|
"client_id": {c.creds.ID},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Client) newAuthenticatedRequest(urlToken string, values url.Values) (*http.Request, error) {
|
||||||
|
var req *http.Request
|
||||||
|
var err error
|
||||||
|
switch c.authMethod {
|
||||||
|
case AuthMethodClientSecretPost:
|
||||||
|
values.Set("client_secret", c.creds.Secret)
|
||||||
|
req, err = http.NewRequest("POST", urlToken, strings.NewReader(values.Encode()))
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
case AuthMethodClientSecretBasic:
|
||||||
|
req, err = http.NewRequest("POST", urlToken, strings.NewReader(values.Encode()))
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
encodedID := url.QueryEscape(c.creds.ID)
|
||||||
|
encodedSecret := url.QueryEscape(c.creds.Secret)
|
||||||
|
req.SetBasicAuth(encodedID, encodedSecret)
|
||||||
|
default:
|
||||||
|
panic("misconfigured client: auth method not supported")
|
||||||
|
}
|
||||||
|
|
||||||
|
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||||
|
return req, nil
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
// ClientCredsToken posts the client id and secret to obtain a token scoped to the OAuth2 client via the "client_credentials" grant type.
|
||||||
|
// May not be supported by all OAuth2 servers.
|
||||||
|
func (c *Client) ClientCredsToken(scope []string) (result TokenResponse, err error) {
|
||||||
|
v := url.Values{
|
||||||
|
"scope": {strings.Join(scope, " ")},
|
||||||
|
"grant_type": {GrantTypeClientCreds},
|
||||||
|
}
|
||||||
|
|
||||||
|
req, err := c.newAuthenticatedRequest(c.tokenURL.String(), v)
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
resp, err := c.hc.Do(req)
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
|
|
||||||
|
return parseTokenResponse(resp)
|
||||||
|
}
|
||||||
|
|
||||||
|
// UserCredsToken posts the username and password to obtain a token scoped to the OAuth2 client via the "password" grant_type
|
||||||
|
// May not be supported by all OAuth2 servers.
|
||||||
|
func (c *Client) UserCredsToken(username, password string) (result TokenResponse, err error) {
|
||||||
|
v := url.Values{
|
||||||
|
"scope": {strings.Join(c.scope, " ")},
|
||||||
|
"grant_type": {GrantTypeUserCreds},
|
||||||
|
"username": {username},
|
||||||
|
"password": {password},
|
||||||
|
}
|
||||||
|
|
||||||
|
req, err := c.newAuthenticatedRequest(c.tokenURL.String(), v)
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
resp, err := c.hc.Do(req)
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
|
|
||||||
|
return parseTokenResponse(resp)
|
||||||
|
}
|
||||||
|
|
||||||
|
// RequestToken requests a token from the Token Endpoint with the specified grantType.
|
||||||
|
// If 'grantType' == GrantTypeAuthCode, then 'value' should be the authorization code.
|
||||||
|
// If 'grantType' == GrantTypeRefreshToken, then 'value' should be the refresh token.
|
||||||
|
func (c *Client) RequestToken(grantType, value string) (result TokenResponse, err error) {
|
||||||
|
v := c.commonURLValues()
|
||||||
|
|
||||||
|
v.Set("grant_type", grantType)
|
||||||
|
v.Set("client_secret", c.creds.Secret)
|
||||||
|
switch grantType {
|
||||||
|
case GrantTypeAuthCode:
|
||||||
|
v.Set("code", value)
|
||||||
|
case GrantTypeRefreshToken:
|
||||||
|
v.Set("refresh_token", value)
|
||||||
|
default:
|
||||||
|
err = fmt.Errorf("unsupported grant_type: %v", grantType)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
req, err := c.newAuthenticatedRequest(c.tokenURL.String(), v)
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
resp, err := c.hc.Do(req)
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
|
|
||||||
|
return parseTokenResponse(resp)
|
||||||
|
}
|
||||||
|
|
||||||
|
func parseTokenResponse(resp *http.Response) (result TokenResponse, err error) {
|
||||||
|
body, err := ioutil.ReadAll(resp.Body)
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
badStatusCode := resp.StatusCode < 200 || resp.StatusCode > 299
|
||||||
|
|
||||||
|
contentType, _, err := mime.ParseMediaType(resp.Header.Get("Content-Type"))
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
result = TokenResponse{
|
||||||
|
RawBody: body,
|
||||||
|
}
|
||||||
|
|
||||||
|
newError := func(typ, desc, state string) error {
|
||||||
|
if typ == "" {
|
||||||
|
return fmt.Errorf("unrecognized error %s", body)
|
||||||
|
}
|
||||||
|
return &Error{typ, desc, state}
|
||||||
|
}
|
||||||
|
|
||||||
|
if contentType == "application/x-www-form-urlencoded" || contentType == "text/plain" {
|
||||||
|
var vals url.Values
|
||||||
|
vals, err = url.ParseQuery(string(body))
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if error := vals.Get("error"); error != "" || badStatusCode {
|
||||||
|
err = newError(error, vals.Get("error_description"), vals.Get("state"))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
e := vals.Get("expires_in")
|
||||||
|
if e == "" {
|
||||||
|
e = vals.Get("expires")
|
||||||
|
}
|
||||||
|
if e != "" {
|
||||||
|
result.Expires, err = strconv.Atoi(e)
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
result.AccessToken = vals.Get("access_token")
|
||||||
|
result.TokenType = vals.Get("token_type")
|
||||||
|
result.IDToken = vals.Get("id_token")
|
||||||
|
result.RefreshToken = vals.Get("refresh_token")
|
||||||
|
result.Scope = vals.Get("scope")
|
||||||
|
} else {
|
||||||
|
var r struct {
|
||||||
|
AccessToken string `json:"access_token"`
|
||||||
|
TokenType string `json:"token_type"`
|
||||||
|
IDToken string `json:"id_token"`
|
||||||
|
RefreshToken string `json:"refresh_token"`
|
||||||
|
Scope string `json:"scope"`
|
||||||
|
State string `json:"state"`
|
||||||
|
ExpiresIn json.Number `json:"expires_in"` // Azure AD returns string
|
||||||
|
Expires int `json:"expires"`
|
||||||
|
Error string `json:"error"`
|
||||||
|
Desc string `json:"error_description"`
|
||||||
|
}
|
||||||
|
if err = json.Unmarshal(body, &r); err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if r.Error != "" || badStatusCode {
|
||||||
|
err = newError(r.Error, r.Desc, r.State)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
result.AccessToken = r.AccessToken
|
||||||
|
result.TokenType = r.TokenType
|
||||||
|
result.IDToken = r.IDToken
|
||||||
|
result.RefreshToken = r.RefreshToken
|
||||||
|
result.Scope = r.Scope
|
||||||
|
if expiresIn, err := r.ExpiresIn.Int64(); err != nil {
|
||||||
|
result.Expires = r.Expires
|
||||||
|
} else {
|
||||||
|
result.Expires = int(expiresIn)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
type TokenResponse struct {
|
||||||
|
AccessToken string
|
||||||
|
TokenType string
|
||||||
|
Expires int
|
||||||
|
IDToken string
|
||||||
|
RefreshToken string // OPTIONAL.
|
||||||
|
Scope string // OPTIONAL, if identical to the scope requested by the client, otherwise, REQUIRED.
|
||||||
|
RawBody []byte // In case callers need some other non-standard info from the token response
|
||||||
|
}
|
||||||
|
|
||||||
|
type AuthCodeRequest struct {
|
||||||
|
ResponseType string
|
||||||
|
ClientID string
|
||||||
|
RedirectURL *url.URL
|
||||||
|
Scope []string
|
||||||
|
State string
|
||||||
|
}
|
||||||
|
|
||||||
|
func ParseAuthCodeRequest(q url.Values) (AuthCodeRequest, error) {
|
||||||
|
acr := AuthCodeRequest{
|
||||||
|
ResponseType: q.Get("response_type"),
|
||||||
|
ClientID: q.Get("client_id"),
|
||||||
|
State: q.Get("state"),
|
||||||
|
Scope: make([]string, 0),
|
||||||
|
}
|
||||||
|
|
||||||
|
qs := strings.TrimSpace(q.Get("scope"))
|
||||||
|
if qs != "" {
|
||||||
|
acr.Scope = strings.Split(qs, " ")
|
||||||
|
}
|
||||||
|
|
||||||
|
err := func() error {
|
||||||
|
if acr.ClientID == "" {
|
||||||
|
return NewError(ErrorInvalidRequest)
|
||||||
|
}
|
||||||
|
|
||||||
|
redirectURL := q.Get("redirect_uri")
|
||||||
|
if redirectURL != "" {
|
||||||
|
ru, err := url.Parse(redirectURL)
|
||||||
|
if err != nil {
|
||||||
|
return NewError(ErrorInvalidRequest)
|
||||||
|
}
|
||||||
|
acr.RedirectURL = ru
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}()
|
||||||
|
|
||||||
|
return acr, err
|
||||||
|
}
|
846
vendor/github.com/coreos/go-oidc/oidc/client.go
generated
vendored
Normal file
846
vendor/github.com/coreos/go-oidc/oidc/client.go
generated
vendored
Normal file
|
@ -0,0 +1,846 @@
|
||||||
|
package oidc
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
"net/http"
|
||||||
|
"net/mail"
|
||||||
|
"net/url"
|
||||||
|
"sync"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
phttp "github.com/coreos/go-oidc/http"
|
||||||
|
"github.com/coreos/go-oidc/jose"
|
||||||
|
"github.com/coreos/go-oidc/key"
|
||||||
|
"github.com/coreos/go-oidc/oauth2"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
// amount of time that must pass after the last key sync
|
||||||
|
// completes before another attempt may begin
|
||||||
|
keySyncWindow = 5 * time.Second
|
||||||
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
DefaultScope = []string{"openid", "email", "profile"}
|
||||||
|
|
||||||
|
supportedAuthMethods = map[string]struct{}{
|
||||||
|
oauth2.AuthMethodClientSecretBasic: struct{}{},
|
||||||
|
oauth2.AuthMethodClientSecretPost: struct{}{},
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
type ClientCredentials oauth2.ClientCredentials
|
||||||
|
|
||||||
|
type ClientIdentity struct {
|
||||||
|
Credentials ClientCredentials
|
||||||
|
Metadata ClientMetadata
|
||||||
|
}
|
||||||
|
|
||||||
|
type JWAOptions struct {
|
||||||
|
// SigningAlg specifies an JWA alg for signing JWTs.
|
||||||
|
//
|
||||||
|
// Specifying this field implies different actions depending on the context. It may
|
||||||
|
// require objects be serialized and signed as a JWT instead of plain JSON, or
|
||||||
|
// require an existing JWT object use the specified alg.
|
||||||
|
//
|
||||||
|
// See: http://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata
|
||||||
|
SigningAlg string
|
||||||
|
// EncryptionAlg, if provided, specifies that the returned or sent object be stored
|
||||||
|
// (or nested) within a JWT object and encrypted with the provided JWA alg.
|
||||||
|
EncryptionAlg string
|
||||||
|
// EncryptionEnc specifies the JWA enc algorithm to use with EncryptionAlg. If
|
||||||
|
// EncryptionAlg is provided and EncryptionEnc is omitted, this field defaults
|
||||||
|
// to A128CBC-HS256.
|
||||||
|
//
|
||||||
|
// If EncryptionEnc is provided EncryptionAlg must also be specified.
|
||||||
|
EncryptionEnc string
|
||||||
|
}
|
||||||
|
|
||||||
|
func (opt JWAOptions) valid() error {
|
||||||
|
if opt.EncryptionEnc != "" && opt.EncryptionAlg == "" {
|
||||||
|
return errors.New("encryption encoding provided with no encryption algorithm")
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (opt JWAOptions) defaults() JWAOptions {
|
||||||
|
if opt.EncryptionAlg != "" && opt.EncryptionEnc == "" {
|
||||||
|
opt.EncryptionEnc = jose.EncA128CBCHS256
|
||||||
|
}
|
||||||
|
return opt
|
||||||
|
}
|
||||||
|
|
||||||
|
var (
|
||||||
|
// Ensure ClientMetadata satisfies these interfaces.
|
||||||
|
_ json.Marshaler = &ClientMetadata{}
|
||||||
|
_ json.Unmarshaler = &ClientMetadata{}
|
||||||
|
)
|
||||||
|
|
||||||
|
// ClientMetadata holds metadata that the authorization server associates
|
||||||
|
// with a client identifier. The fields range from human-facing display
|
||||||
|
// strings such as client name, to items that impact the security of the
|
||||||
|
// protocol, such as the list of valid redirect URIs.
|
||||||
|
//
|
||||||
|
// See http://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata
|
||||||
|
//
|
||||||
|
// TODO: support language specific claim representations
|
||||||
|
// http://openid.net/specs/openid-connect-registration-1_0.html#LanguagesAndScripts
|
||||||
|
type ClientMetadata struct {
|
||||||
|
RedirectURIs []url.URL // Required
|
||||||
|
|
||||||
|
// A list of OAuth 2.0 "response_type" values that the client wishes to restrict
|
||||||
|
// itself to. Either "code", "token", or another registered extension.
|
||||||
|
//
|
||||||
|
// If omitted, only "code" will be used.
|
||||||
|
ResponseTypes []string
|
||||||
|
// A list of OAuth 2.0 grant types the client wishes to restrict itself to.
|
||||||
|
// The grant type values used by OIDC are "authorization_code", "implicit",
|
||||||
|
// and "refresh_token".
|
||||||
|
//
|
||||||
|
// If ommitted, only "authorization_code" will be used.
|
||||||
|
GrantTypes []string
|
||||||
|
// "native" or "web". If omitted, "web".
|
||||||
|
ApplicationType string
|
||||||
|
|
||||||
|
// List of email addresses.
|
||||||
|
Contacts []mail.Address
|
||||||
|
// Name of client to be presented to the end-user.
|
||||||
|
ClientName string
|
||||||
|
// URL that references a logo for the Client application.
|
||||||
|
LogoURI *url.URL
|
||||||
|
// URL of the home page of the Client.
|
||||||
|
ClientURI *url.URL
|
||||||
|
// Profile data policies and terms of use to be provided to the end user.
|
||||||
|
PolicyURI *url.URL
|
||||||
|
TermsOfServiceURI *url.URL
|
||||||
|
|
||||||
|
// URL to or the value of the client's JSON Web Key Set document.
|
||||||
|
JWKSURI *url.URL
|
||||||
|
JWKS *jose.JWKSet
|
||||||
|
|
||||||
|
// URL referencing a flie with a single JSON array of redirect URIs.
|
||||||
|
SectorIdentifierURI *url.URL
|
||||||
|
|
||||||
|
SubjectType string
|
||||||
|
|
||||||
|
// Options to restrict the JWS alg and enc values used for server responses and requests.
|
||||||
|
IDTokenResponseOptions JWAOptions
|
||||||
|
UserInfoResponseOptions JWAOptions
|
||||||
|
RequestObjectOptions JWAOptions
|
||||||
|
|
||||||
|
// Client requested authorization method and signing options for the token endpoint.
|
||||||
|
//
|
||||||
|
// Defaults to "client_secret_basic"
|
||||||
|
TokenEndpointAuthMethod string
|
||||||
|
TokenEndpointAuthSigningAlg string
|
||||||
|
|
||||||
|
// DefaultMaxAge specifies the maximum amount of time in seconds before an authorized
|
||||||
|
// user must reauthroize.
|
||||||
|
//
|
||||||
|
// If 0, no limitation is placed on the maximum.
|
||||||
|
DefaultMaxAge int64
|
||||||
|
// RequireAuthTime specifies if the auth_time claim in the ID token is required.
|
||||||
|
RequireAuthTime bool
|
||||||
|
|
||||||
|
// Default Authentication Context Class Reference values for authentication requests.
|
||||||
|
DefaultACRValues []string
|
||||||
|
|
||||||
|
// URI that a third party can use to initiate a login by the relaying party.
|
||||||
|
//
|
||||||
|
// See: http://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin
|
||||||
|
InitiateLoginURI *url.URL
|
||||||
|
// Pre-registered request_uri values that may be cached by the server.
|
||||||
|
RequestURIs []url.URL
|
||||||
|
}
|
||||||
|
|
||||||
|
// Defaults returns a shallow copy of ClientMetadata with default
|
||||||
|
// values replacing omitted fields.
|
||||||
|
func (m ClientMetadata) Defaults() ClientMetadata {
|
||||||
|
if len(m.ResponseTypes) == 0 {
|
||||||
|
m.ResponseTypes = []string{oauth2.ResponseTypeCode}
|
||||||
|
}
|
||||||
|
if len(m.GrantTypes) == 0 {
|
||||||
|
m.GrantTypes = []string{oauth2.GrantTypeAuthCode}
|
||||||
|
}
|
||||||
|
if m.ApplicationType == "" {
|
||||||
|
m.ApplicationType = "web"
|
||||||
|
}
|
||||||
|
if m.TokenEndpointAuthMethod == "" {
|
||||||
|
m.TokenEndpointAuthMethod = oauth2.AuthMethodClientSecretBasic
|
||||||
|
}
|
||||||
|
m.IDTokenResponseOptions = m.IDTokenResponseOptions.defaults()
|
||||||
|
m.UserInfoResponseOptions = m.UserInfoResponseOptions.defaults()
|
||||||
|
m.RequestObjectOptions = m.RequestObjectOptions.defaults()
|
||||||
|
return m
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *ClientMetadata) MarshalJSON() ([]byte, error) {
|
||||||
|
e := m.toEncodableStruct()
|
||||||
|
return json.Marshal(&e)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *ClientMetadata) UnmarshalJSON(data []byte) error {
|
||||||
|
var e encodableClientMetadata
|
||||||
|
if err := json.Unmarshal(data, &e); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
meta, err := e.toStruct()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := meta.Valid(); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
*m = meta
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
type encodableClientMetadata struct {
|
||||||
|
RedirectURIs []string `json:"redirect_uris"` // Required
|
||||||
|
ResponseTypes []string `json:"response_types,omitempty"`
|
||||||
|
GrantTypes []string `json:"grant_types,omitempty"`
|
||||||
|
ApplicationType string `json:"application_type,omitempty"`
|
||||||
|
Contacts []string `json:"contacts,omitempty"`
|
||||||
|
ClientName string `json:"client_name,omitempty"`
|
||||||
|
LogoURI string `json:"logo_uri,omitempty"`
|
||||||
|
ClientURI string `json:"client_uri,omitempty"`
|
||||||
|
PolicyURI string `json:"policy_uri,omitempty"`
|
||||||
|
TermsOfServiceURI string `json:"tos_uri,omitempty"`
|
||||||
|
JWKSURI string `json:"jwks_uri,omitempty"`
|
||||||
|
JWKS *jose.JWKSet `json:"jwks,omitempty"`
|
||||||
|
SectorIdentifierURI string `json:"sector_identifier_uri,omitempty"`
|
||||||
|
SubjectType string `json:"subject_type,omitempty"`
|
||||||
|
IDTokenSignedResponseAlg string `json:"id_token_signed_response_alg,omitempty"`
|
||||||
|
IDTokenEncryptedResponseAlg string `json:"id_token_encrypted_response_alg,omitempty"`
|
||||||
|
IDTokenEncryptedResponseEnc string `json:"id_token_encrypted_response_enc,omitempty"`
|
||||||
|
UserInfoSignedResponseAlg string `json:"userinfo_signed_response_alg,omitempty"`
|
||||||
|
UserInfoEncryptedResponseAlg string `json:"userinfo_encrypted_response_alg,omitempty"`
|
||||||
|
UserInfoEncryptedResponseEnc string `json:"userinfo_encrypted_response_enc,omitempty"`
|
||||||
|
RequestObjectSigningAlg string `json:"request_object_signing_alg,omitempty"`
|
||||||
|
RequestObjectEncryptionAlg string `json:"request_object_encryption_alg,omitempty"`
|
||||||
|
RequestObjectEncryptionEnc string `json:"request_object_encryption_enc,omitempty"`
|
||||||
|
TokenEndpointAuthMethod string `json:"token_endpoint_auth_method,omitempty"`
|
||||||
|
TokenEndpointAuthSigningAlg string `json:"token_endpoint_auth_signing_alg,omitempty"`
|
||||||
|
DefaultMaxAge int64 `json:"default_max_age,omitempty"`
|
||||||
|
RequireAuthTime bool `json:"require_auth_time,omitempty"`
|
||||||
|
DefaultACRValues []string `json:"default_acr_values,omitempty"`
|
||||||
|
InitiateLoginURI string `json:"initiate_login_uri,omitempty"`
|
||||||
|
RequestURIs []string `json:"request_uris,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *encodableClientMetadata) toStruct() (ClientMetadata, error) {
|
||||||
|
p := stickyErrParser{}
|
||||||
|
m := ClientMetadata{
|
||||||
|
RedirectURIs: p.parseURIs(c.RedirectURIs, "redirect_uris"),
|
||||||
|
ResponseTypes: c.ResponseTypes,
|
||||||
|
GrantTypes: c.GrantTypes,
|
||||||
|
ApplicationType: c.ApplicationType,
|
||||||
|
Contacts: p.parseEmails(c.Contacts, "contacts"),
|
||||||
|
ClientName: c.ClientName,
|
||||||
|
LogoURI: p.parseURI(c.LogoURI, "logo_uri"),
|
||||||
|
ClientURI: p.parseURI(c.ClientURI, "client_uri"),
|
||||||
|
PolicyURI: p.parseURI(c.PolicyURI, "policy_uri"),
|
||||||
|
TermsOfServiceURI: p.parseURI(c.TermsOfServiceURI, "tos_uri"),
|
||||||
|
JWKSURI: p.parseURI(c.JWKSURI, "jwks_uri"),
|
||||||
|
JWKS: c.JWKS,
|
||||||
|
SectorIdentifierURI: p.parseURI(c.SectorIdentifierURI, "sector_identifier_uri"),
|
||||||
|
SubjectType: c.SubjectType,
|
||||||
|
TokenEndpointAuthMethod: c.TokenEndpointAuthMethod,
|
||||||
|
TokenEndpointAuthSigningAlg: c.TokenEndpointAuthSigningAlg,
|
||||||
|
DefaultMaxAge: c.DefaultMaxAge,
|
||||||
|
RequireAuthTime: c.RequireAuthTime,
|
||||||
|
DefaultACRValues: c.DefaultACRValues,
|
||||||
|
InitiateLoginURI: p.parseURI(c.InitiateLoginURI, "initiate_login_uri"),
|
||||||
|
RequestURIs: p.parseURIs(c.RequestURIs, "request_uris"),
|
||||||
|
IDTokenResponseOptions: JWAOptions{
|
||||||
|
c.IDTokenSignedResponseAlg,
|
||||||
|
c.IDTokenEncryptedResponseAlg,
|
||||||
|
c.IDTokenEncryptedResponseEnc,
|
||||||
|
},
|
||||||
|
UserInfoResponseOptions: JWAOptions{
|
||||||
|
c.UserInfoSignedResponseAlg,
|
||||||
|
c.UserInfoEncryptedResponseAlg,
|
||||||
|
c.UserInfoEncryptedResponseEnc,
|
||||||
|
},
|
||||||
|
RequestObjectOptions: JWAOptions{
|
||||||
|
c.RequestObjectSigningAlg,
|
||||||
|
c.RequestObjectEncryptionAlg,
|
||||||
|
c.RequestObjectEncryptionEnc,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
if p.firstErr != nil {
|
||||||
|
return ClientMetadata{}, p.firstErr
|
||||||
|
}
|
||||||
|
return m, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// stickyErrParser parses URIs and email addresses. Once it encounters
|
||||||
|
// a parse error, subsequent calls become no-op.
|
||||||
|
type stickyErrParser struct {
|
||||||
|
firstErr error
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *stickyErrParser) parseURI(s, field string) *url.URL {
|
||||||
|
if p.firstErr != nil || s == "" {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
u, err := url.Parse(s)
|
||||||
|
if err == nil {
|
||||||
|
if u.Host == "" {
|
||||||
|
err = errors.New("no host in URI")
|
||||||
|
} else if u.Scheme != "http" && u.Scheme != "https" {
|
||||||
|
err = errors.New("invalid URI scheme")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if err != nil {
|
||||||
|
p.firstErr = fmt.Errorf("failed to parse %s: %v", field, err)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
return u
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *stickyErrParser) parseURIs(s []string, field string) []url.URL {
|
||||||
|
if p.firstErr != nil || len(s) == 0 {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
uris := make([]url.URL, len(s))
|
||||||
|
for i, val := range s {
|
||||||
|
if val == "" {
|
||||||
|
p.firstErr = fmt.Errorf("invalid URI in field %s", field)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
if u := p.parseURI(val, field); u != nil {
|
||||||
|
uris[i] = *u
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return uris
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *stickyErrParser) parseEmails(s []string, field string) []mail.Address {
|
||||||
|
if p.firstErr != nil || len(s) == 0 {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
addrs := make([]mail.Address, len(s))
|
||||||
|
for i, addr := range s {
|
||||||
|
if addr == "" {
|
||||||
|
p.firstErr = fmt.Errorf("invalid email in field %s", field)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
a, err := mail.ParseAddress(addr)
|
||||||
|
if err != nil {
|
||||||
|
p.firstErr = fmt.Errorf("invalid email in field %s: %v", field, err)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
addrs[i] = *a
|
||||||
|
}
|
||||||
|
return addrs
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *ClientMetadata) toEncodableStruct() encodableClientMetadata {
|
||||||
|
return encodableClientMetadata{
|
||||||
|
RedirectURIs: urisToStrings(m.RedirectURIs),
|
||||||
|
ResponseTypes: m.ResponseTypes,
|
||||||
|
GrantTypes: m.GrantTypes,
|
||||||
|
ApplicationType: m.ApplicationType,
|
||||||
|
Contacts: emailsToStrings(m.Contacts),
|
||||||
|
ClientName: m.ClientName,
|
||||||
|
LogoURI: uriToString(m.LogoURI),
|
||||||
|
ClientURI: uriToString(m.ClientURI),
|
||||||
|
PolicyURI: uriToString(m.PolicyURI),
|
||||||
|
TermsOfServiceURI: uriToString(m.TermsOfServiceURI),
|
||||||
|
JWKSURI: uriToString(m.JWKSURI),
|
||||||
|
JWKS: m.JWKS,
|
||||||
|
SectorIdentifierURI: uriToString(m.SectorIdentifierURI),
|
||||||
|
SubjectType: m.SubjectType,
|
||||||
|
IDTokenSignedResponseAlg: m.IDTokenResponseOptions.SigningAlg,
|
||||||
|
IDTokenEncryptedResponseAlg: m.IDTokenResponseOptions.EncryptionAlg,
|
||||||
|
IDTokenEncryptedResponseEnc: m.IDTokenResponseOptions.EncryptionEnc,
|
||||||
|
UserInfoSignedResponseAlg: m.UserInfoResponseOptions.SigningAlg,
|
||||||
|
UserInfoEncryptedResponseAlg: m.UserInfoResponseOptions.EncryptionAlg,
|
||||||
|
UserInfoEncryptedResponseEnc: m.UserInfoResponseOptions.EncryptionEnc,
|
||||||
|
RequestObjectSigningAlg: m.RequestObjectOptions.SigningAlg,
|
||||||
|
RequestObjectEncryptionAlg: m.RequestObjectOptions.EncryptionAlg,
|
||||||
|
RequestObjectEncryptionEnc: m.RequestObjectOptions.EncryptionEnc,
|
||||||
|
TokenEndpointAuthMethod: m.TokenEndpointAuthMethod,
|
||||||
|
TokenEndpointAuthSigningAlg: m.TokenEndpointAuthSigningAlg,
|
||||||
|
DefaultMaxAge: m.DefaultMaxAge,
|
||||||
|
RequireAuthTime: m.RequireAuthTime,
|
||||||
|
DefaultACRValues: m.DefaultACRValues,
|
||||||
|
InitiateLoginURI: uriToString(m.InitiateLoginURI),
|
||||||
|
RequestURIs: urisToStrings(m.RequestURIs),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func uriToString(u *url.URL) string {
|
||||||
|
if u == nil {
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
return u.String()
|
||||||
|
}
|
||||||
|
|
||||||
|
func urisToStrings(urls []url.URL) []string {
|
||||||
|
if len(urls) == 0 {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
sli := make([]string, len(urls))
|
||||||
|
for i, u := range urls {
|
||||||
|
sli[i] = u.String()
|
||||||
|
}
|
||||||
|
return sli
|
||||||
|
}
|
||||||
|
|
||||||
|
func emailsToStrings(addrs []mail.Address) []string {
|
||||||
|
if len(addrs) == 0 {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
sli := make([]string, len(addrs))
|
||||||
|
for i, addr := range addrs {
|
||||||
|
sli[i] = addr.String()
|
||||||
|
}
|
||||||
|
return sli
|
||||||
|
}
|
||||||
|
|
||||||
|
// Valid determines if a ClientMetadata conforms with the OIDC specification.
|
||||||
|
//
|
||||||
|
// Valid is called by UnmarshalJSON.
|
||||||
|
//
|
||||||
|
// NOTE(ericchiang): For development purposes Valid does not mandate 'https' for
|
||||||
|
// URLs fields where the OIDC spec requires it. This may change in future releases
|
||||||
|
// of this package. See: https://github.com/coreos/go-oidc/issues/34
|
||||||
|
func (m *ClientMetadata) Valid() error {
|
||||||
|
if len(m.RedirectURIs) == 0 {
|
||||||
|
return errors.New("zero redirect URLs")
|
||||||
|
}
|
||||||
|
|
||||||
|
validURI := func(u *url.URL, fieldName string) error {
|
||||||
|
if u.Host == "" {
|
||||||
|
return fmt.Errorf("no host for uri field %s", fieldName)
|
||||||
|
}
|
||||||
|
if u.Scheme != "http" && u.Scheme != "https" {
|
||||||
|
return fmt.Errorf("uri field %s scheme is not http or https", fieldName)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
uris := []struct {
|
||||||
|
val *url.URL
|
||||||
|
name string
|
||||||
|
}{
|
||||||
|
{m.LogoURI, "logo_uri"},
|
||||||
|
{m.ClientURI, "client_uri"},
|
||||||
|
{m.PolicyURI, "policy_uri"},
|
||||||
|
{m.TermsOfServiceURI, "tos_uri"},
|
||||||
|
{m.JWKSURI, "jwks_uri"},
|
||||||
|
{m.SectorIdentifierURI, "sector_identifier_uri"},
|
||||||
|
{m.InitiateLoginURI, "initiate_login_uri"},
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, uri := range uris {
|
||||||
|
if uri.val == nil {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
if err := validURI(uri.val, uri.name); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
uriLists := []struct {
|
||||||
|
vals []url.URL
|
||||||
|
name string
|
||||||
|
}{
|
||||||
|
{m.RedirectURIs, "redirect_uris"},
|
||||||
|
{m.RequestURIs, "request_uris"},
|
||||||
|
}
|
||||||
|
for _, list := range uriLists {
|
||||||
|
for _, uri := range list.vals {
|
||||||
|
if err := validURI(&uri, list.name); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
options := []struct {
|
||||||
|
option JWAOptions
|
||||||
|
name string
|
||||||
|
}{
|
||||||
|
{m.IDTokenResponseOptions, "id_token response"},
|
||||||
|
{m.UserInfoResponseOptions, "userinfo response"},
|
||||||
|
{m.RequestObjectOptions, "request_object"},
|
||||||
|
}
|
||||||
|
for _, option := range options {
|
||||||
|
if err := option.option.valid(); err != nil {
|
||||||
|
return fmt.Errorf("invalid JWA values for %s: %v", option.name, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
type ClientRegistrationResponse struct {
|
||||||
|
ClientID string // Required
|
||||||
|
ClientSecret string
|
||||||
|
RegistrationAccessToken string
|
||||||
|
RegistrationClientURI string
|
||||||
|
// If IsZero is true, unspecified.
|
||||||
|
ClientIDIssuedAt time.Time
|
||||||
|
// Time at which the client_secret will expire.
|
||||||
|
// If IsZero is true, it will not expire.
|
||||||
|
ClientSecretExpiresAt time.Time
|
||||||
|
|
||||||
|
ClientMetadata
|
||||||
|
}
|
||||||
|
|
||||||
|
type encodableClientRegistrationResponse struct {
|
||||||
|
ClientID string `json:"client_id"` // Required
|
||||||
|
ClientSecret string `json:"client_secret,omitempty"`
|
||||||
|
RegistrationAccessToken string `json:"registration_access_token,omitempty"`
|
||||||
|
RegistrationClientURI string `json:"registration_client_uri,omitempty"`
|
||||||
|
ClientIDIssuedAt int64 `json:"client_id_issued_at,omitempty"`
|
||||||
|
// Time at which the client_secret will expire, in seconds since the epoch.
|
||||||
|
// If 0 it will not expire.
|
||||||
|
ClientSecretExpiresAt int64 `json:"client_secret_expires_at"` // Required
|
||||||
|
|
||||||
|
encodableClientMetadata
|
||||||
|
}
|
||||||
|
|
||||||
|
func unixToSec(t time.Time) int64 {
|
||||||
|
if t.IsZero() {
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
return t.Unix()
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *ClientRegistrationResponse) MarshalJSON() ([]byte, error) {
|
||||||
|
e := encodableClientRegistrationResponse{
|
||||||
|
ClientID: c.ClientID,
|
||||||
|
ClientSecret: c.ClientSecret,
|
||||||
|
RegistrationAccessToken: c.RegistrationAccessToken,
|
||||||
|
RegistrationClientURI: c.RegistrationClientURI,
|
||||||
|
ClientIDIssuedAt: unixToSec(c.ClientIDIssuedAt),
|
||||||
|
ClientSecretExpiresAt: unixToSec(c.ClientSecretExpiresAt),
|
||||||
|
encodableClientMetadata: c.ClientMetadata.toEncodableStruct(),
|
||||||
|
}
|
||||||
|
return json.Marshal(&e)
|
||||||
|
}
|
||||||
|
|
||||||
|
func secToUnix(sec int64) time.Time {
|
||||||
|
if sec == 0 {
|
||||||
|
return time.Time{}
|
||||||
|
}
|
||||||
|
return time.Unix(sec, 0)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *ClientRegistrationResponse) UnmarshalJSON(data []byte) error {
|
||||||
|
var e encodableClientRegistrationResponse
|
||||||
|
if err := json.Unmarshal(data, &e); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if e.ClientID == "" {
|
||||||
|
return errors.New("no client_id in client registration response")
|
||||||
|
}
|
||||||
|
metadata, err := e.encodableClientMetadata.toStruct()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
*c = ClientRegistrationResponse{
|
||||||
|
ClientID: e.ClientID,
|
||||||
|
ClientSecret: e.ClientSecret,
|
||||||
|
RegistrationAccessToken: e.RegistrationAccessToken,
|
||||||
|
RegistrationClientURI: e.RegistrationClientURI,
|
||||||
|
ClientIDIssuedAt: secToUnix(e.ClientIDIssuedAt),
|
||||||
|
ClientSecretExpiresAt: secToUnix(e.ClientSecretExpiresAt),
|
||||||
|
ClientMetadata: metadata,
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
type ClientConfig struct {
|
||||||
|
HTTPClient phttp.Client
|
||||||
|
Credentials ClientCredentials
|
||||||
|
Scope []string
|
||||||
|
RedirectURL string
|
||||||
|
ProviderConfig ProviderConfig
|
||||||
|
KeySet key.PublicKeySet
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewClient(cfg ClientConfig) (*Client, error) {
|
||||||
|
// Allow empty redirect URL in the case where the client
|
||||||
|
// only needs to verify a given token.
|
||||||
|
ru, err := url.Parse(cfg.RedirectURL)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("invalid redirect URL: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
c := Client{
|
||||||
|
credentials: cfg.Credentials,
|
||||||
|
httpClient: cfg.HTTPClient,
|
||||||
|
scope: cfg.Scope,
|
||||||
|
redirectURL: ru.String(),
|
||||||
|
providerConfig: newProviderConfigRepo(cfg.ProviderConfig),
|
||||||
|
keySet: cfg.KeySet,
|
||||||
|
}
|
||||||
|
|
||||||
|
if c.httpClient == nil {
|
||||||
|
c.httpClient = http.DefaultClient
|
||||||
|
}
|
||||||
|
|
||||||
|
if c.scope == nil {
|
||||||
|
c.scope = make([]string, len(DefaultScope))
|
||||||
|
copy(c.scope, DefaultScope)
|
||||||
|
}
|
||||||
|
|
||||||
|
return &c, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
type Client struct {
|
||||||
|
httpClient phttp.Client
|
||||||
|
providerConfig *providerConfigRepo
|
||||||
|
credentials ClientCredentials
|
||||||
|
redirectURL string
|
||||||
|
scope []string
|
||||||
|
keySet key.PublicKeySet
|
||||||
|
providerSyncer *ProviderConfigSyncer
|
||||||
|
|
||||||
|
keySetSyncMutex sync.RWMutex
|
||||||
|
lastKeySetSync time.Time
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Client) Healthy() error {
|
||||||
|
now := time.Now().UTC()
|
||||||
|
|
||||||
|
cfg := c.providerConfig.Get()
|
||||||
|
|
||||||
|
if cfg.Empty() {
|
||||||
|
return errors.New("oidc client provider config empty")
|
||||||
|
}
|
||||||
|
|
||||||
|
if !cfg.ExpiresAt.IsZero() && cfg.ExpiresAt.Before(now) {
|
||||||
|
return errors.New("oidc client provider config expired")
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Client) OAuthClient() (*oauth2.Client, error) {
|
||||||
|
cfg := c.providerConfig.Get()
|
||||||
|
authMethod, err := chooseAuthMethod(cfg)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
ocfg := oauth2.Config{
|
||||||
|
Credentials: oauth2.ClientCredentials(c.credentials),
|
||||||
|
RedirectURL: c.redirectURL,
|
||||||
|
AuthURL: cfg.AuthEndpoint.String(),
|
||||||
|
TokenURL: cfg.TokenEndpoint.String(),
|
||||||
|
Scope: c.scope,
|
||||||
|
AuthMethod: authMethod,
|
||||||
|
}
|
||||||
|
|
||||||
|
return oauth2.NewClient(c.httpClient, ocfg)
|
||||||
|
}
|
||||||
|
|
||||||
|
func chooseAuthMethod(cfg ProviderConfig) (string, error) {
|
||||||
|
if len(cfg.TokenEndpointAuthMethodsSupported) == 0 {
|
||||||
|
return oauth2.AuthMethodClientSecretBasic, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, authMethod := range cfg.TokenEndpointAuthMethodsSupported {
|
||||||
|
if _, ok := supportedAuthMethods[authMethod]; ok {
|
||||||
|
return authMethod, nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return "", errors.New("no supported auth methods")
|
||||||
|
}
|
||||||
|
|
||||||
|
// SyncProviderConfig starts the provider config syncer
|
||||||
|
func (c *Client) SyncProviderConfig(discoveryURL string) chan struct{} {
|
||||||
|
r := NewHTTPProviderConfigGetter(c.httpClient, discoveryURL)
|
||||||
|
s := NewProviderConfigSyncer(r, c.providerConfig)
|
||||||
|
stop := s.Run()
|
||||||
|
s.WaitUntilInitialSync()
|
||||||
|
return stop
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Client) maybeSyncKeys() error {
|
||||||
|
tooSoon := func() bool {
|
||||||
|
return time.Now().UTC().Before(c.lastKeySetSync.Add(keySyncWindow))
|
||||||
|
}
|
||||||
|
|
||||||
|
// ignore request to sync keys if a sync operation has been
|
||||||
|
// attempted too recently
|
||||||
|
if tooSoon() {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
c.keySetSyncMutex.Lock()
|
||||||
|
defer c.keySetSyncMutex.Unlock()
|
||||||
|
|
||||||
|
// check again, as another goroutine may have been holding
|
||||||
|
// the lock while updating the keys
|
||||||
|
if tooSoon() {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
cfg := c.providerConfig.Get()
|
||||||
|
r := NewRemotePublicKeyRepo(c.httpClient, cfg.KeysEndpoint.String())
|
||||||
|
w := &clientKeyRepo{client: c}
|
||||||
|
_, err := key.Sync(r, w)
|
||||||
|
c.lastKeySetSync = time.Now().UTC()
|
||||||
|
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
type clientKeyRepo struct {
|
||||||
|
client *Client
|
||||||
|
}
|
||||||
|
|
||||||
|
func (r *clientKeyRepo) Set(ks key.KeySet) error {
|
||||||
|
pks, ok := ks.(*key.PublicKeySet)
|
||||||
|
if !ok {
|
||||||
|
return errors.New("unable to cast to PublicKey")
|
||||||
|
}
|
||||||
|
r.client.keySet = *pks
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Client) ClientCredsToken(scope []string) (jose.JWT, error) {
|
||||||
|
cfg := c.providerConfig.Get()
|
||||||
|
|
||||||
|
if !cfg.SupportsGrantType(oauth2.GrantTypeClientCreds) {
|
||||||
|
return jose.JWT{}, fmt.Errorf("%v grant type is not supported", oauth2.GrantTypeClientCreds)
|
||||||
|
}
|
||||||
|
|
||||||
|
oac, err := c.OAuthClient()
|
||||||
|
if err != nil {
|
||||||
|
return jose.JWT{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
t, err := oac.ClientCredsToken(scope)
|
||||||
|
if err != nil {
|
||||||
|
return jose.JWT{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
jwt, err := jose.ParseJWT(t.IDToken)
|
||||||
|
if err != nil {
|
||||||
|
return jose.JWT{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return jwt, c.VerifyJWT(jwt)
|
||||||
|
}
|
||||||
|
|
||||||
|
// ExchangeAuthCode exchanges an OAuth2 auth code for an OIDC JWT ID token.
|
||||||
|
func (c *Client) ExchangeAuthCode(code string) (jose.JWT, error) {
|
||||||
|
oac, err := c.OAuthClient()
|
||||||
|
if err != nil {
|
||||||
|
return jose.JWT{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
t, err := oac.RequestToken(oauth2.GrantTypeAuthCode, code)
|
||||||
|
if err != nil {
|
||||||
|
return jose.JWT{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
jwt, err := jose.ParseJWT(t.IDToken)
|
||||||
|
if err != nil {
|
||||||
|
return jose.JWT{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return jwt, c.VerifyJWT(jwt)
|
||||||
|
}
|
||||||
|
|
||||||
|
// RefreshToken uses a refresh token to exchange for a new OIDC JWT ID Token.
|
||||||
|
func (c *Client) RefreshToken(refreshToken string) (jose.JWT, error) {
|
||||||
|
oac, err := c.OAuthClient()
|
||||||
|
if err != nil {
|
||||||
|
return jose.JWT{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
t, err := oac.RequestToken(oauth2.GrantTypeRefreshToken, refreshToken)
|
||||||
|
if err != nil {
|
||||||
|
return jose.JWT{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
jwt, err := jose.ParseJWT(t.IDToken)
|
||||||
|
if err != nil {
|
||||||
|
return jose.JWT{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return jwt, c.VerifyJWT(jwt)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Client) VerifyJWT(jwt jose.JWT) error {
|
||||||
|
var keysFunc func() []key.PublicKey
|
||||||
|
if kID, ok := jwt.KeyID(); ok {
|
||||||
|
keysFunc = c.keysFuncWithID(kID)
|
||||||
|
} else {
|
||||||
|
keysFunc = c.keysFuncAll()
|
||||||
|
}
|
||||||
|
|
||||||
|
v := NewJWTVerifier(
|
||||||
|
c.providerConfig.Get().Issuer.String(),
|
||||||
|
c.credentials.ID,
|
||||||
|
c.maybeSyncKeys, keysFunc)
|
||||||
|
|
||||||
|
return v.Verify(jwt)
|
||||||
|
}
|
||||||
|
|
||||||
|
// keysFuncWithID returns a function that retrieves at most unexpired
|
||||||
|
// public key from the Client that matches the provided ID
|
||||||
|
func (c *Client) keysFuncWithID(kID string) func() []key.PublicKey {
|
||||||
|
return func() []key.PublicKey {
|
||||||
|
c.keySetSyncMutex.RLock()
|
||||||
|
defer c.keySetSyncMutex.RUnlock()
|
||||||
|
|
||||||
|
if c.keySet.ExpiresAt().Before(time.Now()) {
|
||||||
|
return []key.PublicKey{}
|
||||||
|
}
|
||||||
|
|
||||||
|
k := c.keySet.Key(kID)
|
||||||
|
if k == nil {
|
||||||
|
return []key.PublicKey{}
|
||||||
|
}
|
||||||
|
|
||||||
|
return []key.PublicKey{*k}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// keysFuncAll returns a function that retrieves all unexpired public
|
||||||
|
// keys from the Client
|
||||||
|
func (c *Client) keysFuncAll() func() []key.PublicKey {
|
||||||
|
return func() []key.PublicKey {
|
||||||
|
c.keySetSyncMutex.RLock()
|
||||||
|
defer c.keySetSyncMutex.RUnlock()
|
||||||
|
|
||||||
|
if c.keySet.ExpiresAt().Before(time.Now()) {
|
||||||
|
return []key.PublicKey{}
|
||||||
|
}
|
||||||
|
|
||||||
|
return c.keySet.Keys()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
type providerConfigRepo struct {
|
||||||
|
mu sync.RWMutex
|
||||||
|
config ProviderConfig // do not access directly, use Get()
|
||||||
|
}
|
||||||
|
|
||||||
|
func newProviderConfigRepo(pc ProviderConfig) *providerConfigRepo {
|
||||||
|
return &providerConfigRepo{sync.RWMutex{}, pc}
|
||||||
|
}
|
||||||
|
|
||||||
|
// returns an error to implement ProviderConfigSetter
|
||||||
|
func (r *providerConfigRepo) Set(cfg ProviderConfig) error {
|
||||||
|
r.mu.Lock()
|
||||||
|
defer r.mu.Unlock()
|
||||||
|
r.config = cfg
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (r *providerConfigRepo) Get() ProviderConfig {
|
||||||
|
r.mu.RLock()
|
||||||
|
defer r.mu.RUnlock()
|
||||||
|
return r.config
|
||||||
|
}
|
44
vendor/github.com/coreos/go-oidc/oidc/identity.go
generated
vendored
Normal file
44
vendor/github.com/coreos/go-oidc/oidc/identity.go
generated
vendored
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
package oidc
|
||||||
|
|
||||||
|
import (
|
||||||
|
"errors"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/coreos/go-oidc/jose"
|
||||||
|
)
|
||||||
|
|
||||||
|
type Identity struct {
|
||||||
|
ID string
|
||||||
|
Name string
|
||||||
|
Email string
|
||||||
|
ExpiresAt time.Time
|
||||||
|
}
|
||||||
|
|
||||||
|
func IdentityFromClaims(claims jose.Claims) (*Identity, error) {
|
||||||
|
if claims == nil {
|
||||||
|
return nil, errors.New("nil claim set")
|
||||||
|
}
|
||||||
|
|
||||||
|
var ident Identity
|
||||||
|
var err error
|
||||||
|
var ok bool
|
||||||
|
|
||||||
|
if ident.ID, ok, err = claims.StringClaim("sub"); err != nil {
|
||||||
|
return nil, err
|
||||||
|
} else if !ok {
|
||||||
|
return nil, errors.New("missing required claim: sub")
|
||||||
|
}
|
||||||
|
|
||||||
|
if ident.Email, _, err = claims.StringClaim("email"); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
exp, ok, err := claims.TimeClaim("exp")
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
} else if ok {
|
||||||
|
ident.ExpiresAt = exp
|
||||||
|
}
|
||||||
|
|
||||||
|
return &ident, nil
|
||||||
|
}
|
3
vendor/github.com/coreos/go-oidc/oidc/interface.go
generated
vendored
Normal file
3
vendor/github.com/coreos/go-oidc/oidc/interface.go
generated
vendored
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
package oidc
|
||||||
|
|
||||||
|
type LoginFunc func(ident Identity, sessionKey string) (redirectURL string, err error)
|
67
vendor/github.com/coreos/go-oidc/oidc/key.go
generated
vendored
Executable file
67
vendor/github.com/coreos/go-oidc/oidc/key.go
generated
vendored
Executable file
|
@ -0,0 +1,67 @@
|
||||||
|
package oidc
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
|
"net/http"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
phttp "github.com/coreos/go-oidc/http"
|
||||||
|
"github.com/coreos/go-oidc/jose"
|
||||||
|
"github.com/coreos/go-oidc/key"
|
||||||
|
)
|
||||||
|
|
||||||
|
// DefaultPublicKeySetTTL is the default TTL set on the PublicKeySet if no
|
||||||
|
// Cache-Control header is provided by the JWK Set document endpoint.
|
||||||
|
const DefaultPublicKeySetTTL = 24 * time.Hour
|
||||||
|
|
||||||
|
// NewRemotePublicKeyRepo is responsible for fetching the JWK Set document.
|
||||||
|
func NewRemotePublicKeyRepo(hc phttp.Client, ep string) *remotePublicKeyRepo {
|
||||||
|
return &remotePublicKeyRepo{hc: hc, ep: ep}
|
||||||
|
}
|
||||||
|
|
||||||
|
type remotePublicKeyRepo struct {
|
||||||
|
hc phttp.Client
|
||||||
|
ep string
|
||||||
|
}
|
||||||
|
|
||||||
|
// Get returns a PublicKeySet fetched from the JWK Set document endpoint. A TTL
|
||||||
|
// is set on the Key Set to avoid it having to be re-retrieved for every
|
||||||
|
// encryption event. This TTL is typically controlled by the endpoint returning
|
||||||
|
// a Cache-Control header, but defaults to 24 hours if no Cache-Control header
|
||||||
|
// is found.
|
||||||
|
func (r *remotePublicKeyRepo) Get() (key.KeySet, error) {
|
||||||
|
req, err := http.NewRequest("GET", r.ep, nil)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
resp, err := r.hc.Do(req)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
|
|
||||||
|
var d struct {
|
||||||
|
Keys []jose.JWK `json:"keys"`
|
||||||
|
}
|
||||||
|
if err := json.NewDecoder(resp.Body).Decode(&d); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(d.Keys) == 0 {
|
||||||
|
return nil, errors.New("zero keys in response")
|
||||||
|
}
|
||||||
|
|
||||||
|
ttl, ok, err := phttp.Cacheable(resp.Header)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
if !ok {
|
||||||
|
ttl = DefaultPublicKeySetTTL
|
||||||
|
}
|
||||||
|
|
||||||
|
exp := time.Now().UTC().Add(ttl)
|
||||||
|
ks := key.NewPublicKeySet(d.Keys, exp)
|
||||||
|
return ks, nil
|
||||||
|
}
|
690
vendor/github.com/coreos/go-oidc/oidc/provider.go
generated
vendored
Normal file
690
vendor/github.com/coreos/go-oidc/oidc/provider.go
generated
vendored
Normal file
|
@ -0,0 +1,690 @@
|
||||||
|
package oidc
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
"log"
|
||||||
|
"net/http"
|
||||||
|
"net/url"
|
||||||
|
"strings"
|
||||||
|
"sync"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/coreos/pkg/timeutil"
|
||||||
|
"github.com/jonboulle/clockwork"
|
||||||
|
|
||||||
|
phttp "github.com/coreos/go-oidc/http"
|
||||||
|
"github.com/coreos/go-oidc/oauth2"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
// Subject Identifier types defined by the OIDC spec. Specifies if the provider
|
||||||
|
// should provide the same sub claim value to all clients (public) or a unique
|
||||||
|
// value for each client (pairwise).
|
||||||
|
//
|
||||||
|
// See: http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes
|
||||||
|
SubjectTypePublic = "public"
|
||||||
|
SubjectTypePairwise = "pairwise"
|
||||||
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
// Default values for omitted provider config fields.
|
||||||
|
//
|
||||||
|
// Use ProviderConfig's Defaults method to fill a provider config with these values.
|
||||||
|
DefaultGrantTypesSupported = []string{oauth2.GrantTypeAuthCode, oauth2.GrantTypeImplicit}
|
||||||
|
DefaultResponseModesSupported = []string{"query", "fragment"}
|
||||||
|
DefaultTokenEndpointAuthMethodsSupported = []string{oauth2.AuthMethodClientSecretBasic}
|
||||||
|
DefaultClaimTypesSupported = []string{"normal"}
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
MaximumProviderConfigSyncInterval = 24 * time.Hour
|
||||||
|
MinimumProviderConfigSyncInterval = time.Minute
|
||||||
|
|
||||||
|
discoveryConfigPath = "/.well-known/openid-configuration"
|
||||||
|
)
|
||||||
|
|
||||||
|
// internally configurable for tests
|
||||||
|
var minimumProviderConfigSyncInterval = MinimumProviderConfigSyncInterval
|
||||||
|
|
||||||
|
var (
|
||||||
|
// Ensure ProviderConfig satisfies these interfaces.
|
||||||
|
_ json.Marshaler = &ProviderConfig{}
|
||||||
|
_ json.Unmarshaler = &ProviderConfig{}
|
||||||
|
)
|
||||||
|
|
||||||
|
// ProviderConfig represents the OpenID Provider Metadata specifying what
|
||||||
|
// configurations a provider supports.
|
||||||
|
//
|
||||||
|
// See: http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
|
||||||
|
type ProviderConfig struct {
|
||||||
|
Issuer *url.URL // Required
|
||||||
|
AuthEndpoint *url.URL // Required
|
||||||
|
TokenEndpoint *url.URL // Required if grant types other than "implicit" are supported
|
||||||
|
UserInfoEndpoint *url.URL
|
||||||
|
KeysEndpoint *url.URL // Required
|
||||||
|
RegistrationEndpoint *url.URL
|
||||||
|
EndSessionEndpoint *url.URL
|
||||||
|
CheckSessionIFrame *url.URL
|
||||||
|
|
||||||
|
// Servers MAY choose not to advertise some supported scope values even when this
|
||||||
|
// parameter is used, although those defined in OpenID Core SHOULD be listed, if supported.
|
||||||
|
ScopesSupported []string
|
||||||
|
// OAuth2.0 response types supported.
|
||||||
|
ResponseTypesSupported []string // Required
|
||||||
|
// OAuth2.0 response modes supported.
|
||||||
|
//
|
||||||
|
// If omitted, defaults to DefaultResponseModesSupported.
|
||||||
|
ResponseModesSupported []string
|
||||||
|
// OAuth2.0 grant types supported.
|
||||||
|
//
|
||||||
|
// If omitted, defaults to DefaultGrantTypesSupported.
|
||||||
|
GrantTypesSupported []string
|
||||||
|
ACRValuesSupported []string
|
||||||
|
// SubjectTypesSupported specifies strategies for providing values for the sub claim.
|
||||||
|
SubjectTypesSupported []string // Required
|
||||||
|
|
||||||
|
// JWA signing and encryption algorith values supported for ID tokens.
|
||||||
|
IDTokenSigningAlgValues []string // Required
|
||||||
|
IDTokenEncryptionAlgValues []string
|
||||||
|
IDTokenEncryptionEncValues []string
|
||||||
|
|
||||||
|
// JWA signing and encryption algorith values supported for user info responses.
|
||||||
|
UserInfoSigningAlgValues []string
|
||||||
|
UserInfoEncryptionAlgValues []string
|
||||||
|
UserInfoEncryptionEncValues []string
|
||||||
|
|
||||||
|
// JWA signing and encryption algorith values supported for request objects.
|
||||||
|
ReqObjSigningAlgValues []string
|
||||||
|
ReqObjEncryptionAlgValues []string
|
||||||
|
ReqObjEncryptionEncValues []string
|
||||||
|
|
||||||
|
TokenEndpointAuthMethodsSupported []string
|
||||||
|
TokenEndpointAuthSigningAlgValuesSupported []string
|
||||||
|
DisplayValuesSupported []string
|
||||||
|
ClaimTypesSupported []string
|
||||||
|
ClaimsSupported []string
|
||||||
|
ServiceDocs *url.URL
|
||||||
|
ClaimsLocalsSupported []string
|
||||||
|
UILocalsSupported []string
|
||||||
|
ClaimsParameterSupported bool
|
||||||
|
RequestParameterSupported bool
|
||||||
|
RequestURIParamaterSupported bool
|
||||||
|
RequireRequestURIRegistration bool
|
||||||
|
|
||||||
|
Policy *url.URL
|
||||||
|
TermsOfService *url.URL
|
||||||
|
|
||||||
|
// Not part of the OpenID Provider Metadata
|
||||||
|
ExpiresAt time.Time
|
||||||
|
}
|
||||||
|
|
||||||
|
// Defaults returns a shallow copy of ProviderConfig with default
|
||||||
|
// values replacing omitted fields.
|
||||||
|
//
|
||||||
|
// var cfg oidc.ProviderConfig
|
||||||
|
// // Fill provider config with default values for omitted fields.
|
||||||
|
// cfg = cfg.Defaults()
|
||||||
|
//
|
||||||
|
func (p ProviderConfig) Defaults() ProviderConfig {
|
||||||
|
setDefault := func(val *[]string, defaultVal []string) {
|
||||||
|
if len(*val) == 0 {
|
||||||
|
*val = defaultVal
|
||||||
|
}
|
||||||
|
}
|
||||||
|
setDefault(&p.GrantTypesSupported, DefaultGrantTypesSupported)
|
||||||
|
setDefault(&p.ResponseModesSupported, DefaultResponseModesSupported)
|
||||||
|
setDefault(&p.TokenEndpointAuthMethodsSupported, DefaultTokenEndpointAuthMethodsSupported)
|
||||||
|
setDefault(&p.ClaimTypesSupported, DefaultClaimTypesSupported)
|
||||||
|
return p
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *ProviderConfig) MarshalJSON() ([]byte, error) {
|
||||||
|
e := p.toEncodableStruct()
|
||||||
|
return json.Marshal(&e)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *ProviderConfig) UnmarshalJSON(data []byte) error {
|
||||||
|
var e encodableProviderConfig
|
||||||
|
if err := json.Unmarshal(data, &e); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
conf, err := e.toStruct()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := conf.Valid(); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
*p = conf
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
type encodableProviderConfig struct {
|
||||||
|
Issuer string `json:"issuer"`
|
||||||
|
AuthEndpoint string `json:"authorization_endpoint"`
|
||||||
|
TokenEndpoint string `json:"token_endpoint"`
|
||||||
|
UserInfoEndpoint string `json:"userinfo_endpoint,omitempty"`
|
||||||
|
KeysEndpoint string `json:"jwks_uri"`
|
||||||
|
RegistrationEndpoint string `json:"registration_endpoint,omitempty"`
|
||||||
|
EndSessionEndpoint string `json:"end_session_endpoint,omitempty"`
|
||||||
|
CheckSessionIFrame string `json:"check_session_iframe,omitempty"`
|
||||||
|
|
||||||
|
// Use 'omitempty' for all slices as per OIDC spec:
|
||||||
|
// "Claims that return multiple values are represented as JSON arrays.
|
||||||
|
// Claims with zero elements MUST be omitted from the response."
|
||||||
|
// http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse
|
||||||
|
|
||||||
|
ScopesSupported []string `json:"scopes_supported,omitempty"`
|
||||||
|
ResponseTypesSupported []string `json:"response_types_supported,omitempty"`
|
||||||
|
ResponseModesSupported []string `json:"response_modes_supported,omitempty"`
|
||||||
|
GrantTypesSupported []string `json:"grant_types_supported,omitempty"`
|
||||||
|
ACRValuesSupported []string `json:"acr_values_supported,omitempty"`
|
||||||
|
SubjectTypesSupported []string `json:"subject_types_supported,omitempty"`
|
||||||
|
|
||||||
|
IDTokenSigningAlgValues []string `json:"id_token_signing_alg_values_supported,omitempty"`
|
||||||
|
IDTokenEncryptionAlgValues []string `json:"id_token_encryption_alg_values_supported,omitempty"`
|
||||||
|
IDTokenEncryptionEncValues []string `json:"id_token_encryption_enc_values_supported,omitempty"`
|
||||||
|
UserInfoSigningAlgValues []string `json:"userinfo_signing_alg_values_supported,omitempty"`
|
||||||
|
UserInfoEncryptionAlgValues []string `json:"userinfo_encryption_alg_values_supported,omitempty"`
|
||||||
|
UserInfoEncryptionEncValues []string `json:"userinfo_encryption_enc_values_supported,omitempty"`
|
||||||
|
ReqObjSigningAlgValues []string `json:"request_object_signing_alg_values_supported,omitempty"`
|
||||||
|
ReqObjEncryptionAlgValues []string `json:"request_object_encryption_alg_values_supported,omitempty"`
|
||||||
|
ReqObjEncryptionEncValues []string `json:"request_object_encryption_enc_values_supported,omitempty"`
|
||||||
|
|
||||||
|
TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported,omitempty"`
|
||||||
|
TokenEndpointAuthSigningAlgValuesSupported []string `json:"token_endpoint_auth_signing_alg_values_supported,omitempty"`
|
||||||
|
|
||||||
|
DisplayValuesSupported []string `json:"display_values_supported,omitempty"`
|
||||||
|
ClaimTypesSupported []string `json:"claim_types_supported,omitempty"`
|
||||||
|
ClaimsSupported []string `json:"claims_supported,omitempty"`
|
||||||
|
ServiceDocs string `json:"service_documentation,omitempty"`
|
||||||
|
ClaimsLocalsSupported []string `json:"claims_locales_supported,omitempty"`
|
||||||
|
UILocalsSupported []string `json:"ui_locales_supported,omitempty"`
|
||||||
|
ClaimsParameterSupported bool `json:"claims_parameter_supported,omitempty"`
|
||||||
|
RequestParameterSupported bool `json:"request_parameter_supported,omitempty"`
|
||||||
|
RequestURIParamaterSupported bool `json:"request_uri_parameter_supported,omitempty"`
|
||||||
|
RequireRequestURIRegistration bool `json:"require_request_uri_registration,omitempty"`
|
||||||
|
|
||||||
|
Policy string `json:"op_policy_uri,omitempty"`
|
||||||
|
TermsOfService string `json:"op_tos_uri,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func (cfg ProviderConfig) toEncodableStruct() encodableProviderConfig {
|
||||||
|
return encodableProviderConfig{
|
||||||
|
Issuer: uriToString(cfg.Issuer),
|
||||||
|
AuthEndpoint: uriToString(cfg.AuthEndpoint),
|
||||||
|
TokenEndpoint: uriToString(cfg.TokenEndpoint),
|
||||||
|
UserInfoEndpoint: uriToString(cfg.UserInfoEndpoint),
|
||||||
|
KeysEndpoint: uriToString(cfg.KeysEndpoint),
|
||||||
|
RegistrationEndpoint: uriToString(cfg.RegistrationEndpoint),
|
||||||
|
EndSessionEndpoint: uriToString(cfg.EndSessionEndpoint),
|
||||||
|
CheckSessionIFrame: uriToString(cfg.CheckSessionIFrame),
|
||||||
|
ScopesSupported: cfg.ScopesSupported,
|
||||||
|
ResponseTypesSupported: cfg.ResponseTypesSupported,
|
||||||
|
ResponseModesSupported: cfg.ResponseModesSupported,
|
||||||
|
GrantTypesSupported: cfg.GrantTypesSupported,
|
||||||
|
ACRValuesSupported: cfg.ACRValuesSupported,
|
||||||
|
SubjectTypesSupported: cfg.SubjectTypesSupported,
|
||||||
|
IDTokenSigningAlgValues: cfg.IDTokenSigningAlgValues,
|
||||||
|
IDTokenEncryptionAlgValues: cfg.IDTokenEncryptionAlgValues,
|
||||||
|
IDTokenEncryptionEncValues: cfg.IDTokenEncryptionEncValues,
|
||||||
|
UserInfoSigningAlgValues: cfg.UserInfoSigningAlgValues,
|
||||||
|
UserInfoEncryptionAlgValues: cfg.UserInfoEncryptionAlgValues,
|
||||||
|
UserInfoEncryptionEncValues: cfg.UserInfoEncryptionEncValues,
|
||||||
|
ReqObjSigningAlgValues: cfg.ReqObjSigningAlgValues,
|
||||||
|
ReqObjEncryptionAlgValues: cfg.ReqObjEncryptionAlgValues,
|
||||||
|
ReqObjEncryptionEncValues: cfg.ReqObjEncryptionEncValues,
|
||||||
|
TokenEndpointAuthMethodsSupported: cfg.TokenEndpointAuthMethodsSupported,
|
||||||
|
TokenEndpointAuthSigningAlgValuesSupported: cfg.TokenEndpointAuthSigningAlgValuesSupported,
|
||||||
|
DisplayValuesSupported: cfg.DisplayValuesSupported,
|
||||||
|
ClaimTypesSupported: cfg.ClaimTypesSupported,
|
||||||
|
ClaimsSupported: cfg.ClaimsSupported,
|
||||||
|
ServiceDocs: uriToString(cfg.ServiceDocs),
|
||||||
|
ClaimsLocalsSupported: cfg.ClaimsLocalsSupported,
|
||||||
|
UILocalsSupported: cfg.UILocalsSupported,
|
||||||
|
ClaimsParameterSupported: cfg.ClaimsParameterSupported,
|
||||||
|
RequestParameterSupported: cfg.RequestParameterSupported,
|
||||||
|
RequestURIParamaterSupported: cfg.RequestURIParamaterSupported,
|
||||||
|
RequireRequestURIRegistration: cfg.RequireRequestURIRegistration,
|
||||||
|
Policy: uriToString(cfg.Policy),
|
||||||
|
TermsOfService: uriToString(cfg.TermsOfService),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (e encodableProviderConfig) toStruct() (ProviderConfig, error) {
|
||||||
|
p := stickyErrParser{}
|
||||||
|
conf := ProviderConfig{
|
||||||
|
Issuer: p.parseURI(e.Issuer, "issuer"),
|
||||||
|
AuthEndpoint: p.parseURI(e.AuthEndpoint, "authorization_endpoint"),
|
||||||
|
TokenEndpoint: p.parseURI(e.TokenEndpoint, "token_endpoint"),
|
||||||
|
UserInfoEndpoint: p.parseURI(e.UserInfoEndpoint, "userinfo_endpoint"),
|
||||||
|
KeysEndpoint: p.parseURI(e.KeysEndpoint, "jwks_uri"),
|
||||||
|
RegistrationEndpoint: p.parseURI(e.RegistrationEndpoint, "registration_endpoint"),
|
||||||
|
EndSessionEndpoint: p.parseURI(e.EndSessionEndpoint, "end_session_endpoint"),
|
||||||
|
CheckSessionIFrame: p.parseURI(e.CheckSessionIFrame, "check_session_iframe"),
|
||||||
|
ScopesSupported: e.ScopesSupported,
|
||||||
|
ResponseTypesSupported: e.ResponseTypesSupported,
|
||||||
|
ResponseModesSupported: e.ResponseModesSupported,
|
||||||
|
GrantTypesSupported: e.GrantTypesSupported,
|
||||||
|
ACRValuesSupported: e.ACRValuesSupported,
|
||||||
|
SubjectTypesSupported: e.SubjectTypesSupported,
|
||||||
|
IDTokenSigningAlgValues: e.IDTokenSigningAlgValues,
|
||||||
|
IDTokenEncryptionAlgValues: e.IDTokenEncryptionAlgValues,
|
||||||
|
IDTokenEncryptionEncValues: e.IDTokenEncryptionEncValues,
|
||||||
|
UserInfoSigningAlgValues: e.UserInfoSigningAlgValues,
|
||||||
|
UserInfoEncryptionAlgValues: e.UserInfoEncryptionAlgValues,
|
||||||
|
UserInfoEncryptionEncValues: e.UserInfoEncryptionEncValues,
|
||||||
|
ReqObjSigningAlgValues: e.ReqObjSigningAlgValues,
|
||||||
|
ReqObjEncryptionAlgValues: e.ReqObjEncryptionAlgValues,
|
||||||
|
ReqObjEncryptionEncValues: e.ReqObjEncryptionEncValues,
|
||||||
|
TokenEndpointAuthMethodsSupported: e.TokenEndpointAuthMethodsSupported,
|
||||||
|
TokenEndpointAuthSigningAlgValuesSupported: e.TokenEndpointAuthSigningAlgValuesSupported,
|
||||||
|
DisplayValuesSupported: e.DisplayValuesSupported,
|
||||||
|
ClaimTypesSupported: e.ClaimTypesSupported,
|
||||||
|
ClaimsSupported: e.ClaimsSupported,
|
||||||
|
ServiceDocs: p.parseURI(e.ServiceDocs, "service_documentation"),
|
||||||
|
ClaimsLocalsSupported: e.ClaimsLocalsSupported,
|
||||||
|
UILocalsSupported: e.UILocalsSupported,
|
||||||
|
ClaimsParameterSupported: e.ClaimsParameterSupported,
|
||||||
|
RequestParameterSupported: e.RequestParameterSupported,
|
||||||
|
RequestURIParamaterSupported: e.RequestURIParamaterSupported,
|
||||||
|
RequireRequestURIRegistration: e.RequireRequestURIRegistration,
|
||||||
|
Policy: p.parseURI(e.Policy, "op_policy-uri"),
|
||||||
|
TermsOfService: p.parseURI(e.TermsOfService, "op_tos_uri"),
|
||||||
|
}
|
||||||
|
if p.firstErr != nil {
|
||||||
|
return ProviderConfig{}, p.firstErr
|
||||||
|
}
|
||||||
|
return conf, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Empty returns if a ProviderConfig holds no information.
|
||||||
|
//
|
||||||
|
// This case generally indicates a ProviderConfigGetter has experienced an error
|
||||||
|
// and has nothing to report.
|
||||||
|
func (p ProviderConfig) Empty() bool {
|
||||||
|
return p.Issuer == nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func contains(sli []string, ele string) bool {
|
||||||
|
for _, s := range sli {
|
||||||
|
if s == ele {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
// Valid determines if a ProviderConfig conforms with the OIDC specification.
|
||||||
|
// If Valid returns successfully it guarantees required field are non-nil and
|
||||||
|
// URLs are well formed.
|
||||||
|
//
|
||||||
|
// Valid is called by UnmarshalJSON.
|
||||||
|
//
|
||||||
|
// NOTE(ericchiang): For development purposes Valid does not mandate 'https' for
|
||||||
|
// URLs fields where the OIDC spec requires it. This may change in future releases
|
||||||
|
// of this package. See: https://github.com/coreos/go-oidc/issues/34
|
||||||
|
func (p ProviderConfig) Valid() error {
|
||||||
|
grantTypes := p.GrantTypesSupported
|
||||||
|
if len(grantTypes) == 0 {
|
||||||
|
grantTypes = DefaultGrantTypesSupported
|
||||||
|
}
|
||||||
|
implicitOnly := true
|
||||||
|
for _, grantType := range grantTypes {
|
||||||
|
if grantType != oauth2.GrantTypeImplicit {
|
||||||
|
implicitOnly = false
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(p.SubjectTypesSupported) == 0 {
|
||||||
|
return errors.New("missing required field subject_types_supported")
|
||||||
|
}
|
||||||
|
if len(p.IDTokenSigningAlgValues) == 0 {
|
||||||
|
return errors.New("missing required field id_token_signing_alg_values_supported")
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(p.ScopesSupported) != 0 && !contains(p.ScopesSupported, "openid") {
|
||||||
|
return errors.New("scoped_supported must be unspecified or include 'openid'")
|
||||||
|
}
|
||||||
|
|
||||||
|
if !contains(p.IDTokenSigningAlgValues, "RS256") {
|
||||||
|
return errors.New("id_token_signing_alg_values_supported must include 'RS256'")
|
||||||
|
}
|
||||||
|
if contains(p.TokenEndpointAuthMethodsSupported, "none") {
|
||||||
|
return errors.New("token_endpoint_auth_signing_alg_values_supported cannot include 'none'")
|
||||||
|
}
|
||||||
|
|
||||||
|
uris := []struct {
|
||||||
|
val *url.URL
|
||||||
|
name string
|
||||||
|
required bool
|
||||||
|
}{
|
||||||
|
{p.Issuer, "issuer", true},
|
||||||
|
{p.AuthEndpoint, "authorization_endpoint", true},
|
||||||
|
{p.TokenEndpoint, "token_endpoint", !implicitOnly},
|
||||||
|
{p.UserInfoEndpoint, "userinfo_endpoint", false},
|
||||||
|
{p.KeysEndpoint, "jwks_uri", true},
|
||||||
|
{p.RegistrationEndpoint, "registration_endpoint", false},
|
||||||
|
{p.EndSessionEndpoint, "end_session_endpoint", false},
|
||||||
|
{p.CheckSessionIFrame, "check_session_iframe", false},
|
||||||
|
{p.ServiceDocs, "service_documentation", false},
|
||||||
|
{p.Policy, "op_policy_uri", false},
|
||||||
|
{p.TermsOfService, "op_tos_uri", false},
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, uri := range uris {
|
||||||
|
if uri.val == nil {
|
||||||
|
if !uri.required {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
return fmt.Errorf("empty value for required uri field %s", uri.name)
|
||||||
|
}
|
||||||
|
if uri.val.Host == "" {
|
||||||
|
return fmt.Errorf("no host for uri field %s", uri.name)
|
||||||
|
}
|
||||||
|
if uri.val.Scheme != "http" && uri.val.Scheme != "https" {
|
||||||
|
return fmt.Errorf("uri field %s schemeis not http or https", uri.name)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Supports determines if provider supports a client given their respective metadata.
|
||||||
|
func (p ProviderConfig) Supports(c ClientMetadata) error {
|
||||||
|
if err := p.Valid(); err != nil {
|
||||||
|
return fmt.Errorf("invalid provider config: %v", err)
|
||||||
|
}
|
||||||
|
if err := c.Valid(); err != nil {
|
||||||
|
return fmt.Errorf("invalid client config: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Fill default values for omitted fields
|
||||||
|
c = c.Defaults()
|
||||||
|
p = p.Defaults()
|
||||||
|
|
||||||
|
// Do the supported values list the requested one?
|
||||||
|
supports := []struct {
|
||||||
|
supported []string
|
||||||
|
requested string
|
||||||
|
name string
|
||||||
|
}{
|
||||||
|
{p.IDTokenSigningAlgValues, c.IDTokenResponseOptions.SigningAlg, "id_token_signed_response_alg"},
|
||||||
|
{p.IDTokenEncryptionAlgValues, c.IDTokenResponseOptions.EncryptionAlg, "id_token_encryption_response_alg"},
|
||||||
|
{p.IDTokenEncryptionEncValues, c.IDTokenResponseOptions.EncryptionEnc, "id_token_encryption_response_enc"},
|
||||||
|
{p.UserInfoSigningAlgValues, c.UserInfoResponseOptions.SigningAlg, "userinfo_signed_response_alg"},
|
||||||
|
{p.UserInfoEncryptionAlgValues, c.UserInfoResponseOptions.EncryptionAlg, "userinfo_encryption_response_alg"},
|
||||||
|
{p.UserInfoEncryptionEncValues, c.UserInfoResponseOptions.EncryptionEnc, "userinfo_encryption_response_enc"},
|
||||||
|
{p.ReqObjSigningAlgValues, c.RequestObjectOptions.SigningAlg, "request_object_signing_alg"},
|
||||||
|
{p.ReqObjEncryptionAlgValues, c.RequestObjectOptions.EncryptionAlg, "request_object_encryption_alg"},
|
||||||
|
{p.ReqObjEncryptionEncValues, c.RequestObjectOptions.EncryptionEnc, "request_object_encryption_enc"},
|
||||||
|
}
|
||||||
|
for _, field := range supports {
|
||||||
|
if field.requested == "" {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
if !contains(field.supported, field.requested) {
|
||||||
|
return fmt.Errorf("provider does not support requested value for field %s", field.name)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
stringsEqual := func(s1, s2 string) bool { return s1 == s2 }
|
||||||
|
|
||||||
|
// For lists, are the list of requested values a subset of the supported ones?
|
||||||
|
supportsAll := []struct {
|
||||||
|
supported []string
|
||||||
|
requested []string
|
||||||
|
name string
|
||||||
|
// OAuth2.0 response_type can be space separated lists where order doesn't matter.
|
||||||
|
// For example "id_token token" is the same as "token id_token"
|
||||||
|
// Support a custom compare method.
|
||||||
|
comp func(s1, s2 string) bool
|
||||||
|
}{
|
||||||
|
{p.GrantTypesSupported, c.GrantTypes, "grant_types", stringsEqual},
|
||||||
|
{p.ResponseTypesSupported, c.ResponseTypes, "response_type", oauth2.ResponseTypesEqual},
|
||||||
|
}
|
||||||
|
for _, field := range supportsAll {
|
||||||
|
requestLoop:
|
||||||
|
for _, req := range field.requested {
|
||||||
|
for _, sup := range field.supported {
|
||||||
|
if field.comp(req, sup) {
|
||||||
|
continue requestLoop
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return fmt.Errorf("provider does not support requested value for field %s", field.name)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO(ericchiang): Are there more checks we feel comfortable with begin strict about?
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p ProviderConfig) SupportsGrantType(grantType string) bool {
|
||||||
|
var supported []string
|
||||||
|
if len(p.GrantTypesSupported) == 0 {
|
||||||
|
supported = DefaultGrantTypesSupported
|
||||||
|
} else {
|
||||||
|
supported = p.GrantTypesSupported
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, t := range supported {
|
||||||
|
if t == grantType {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
type ProviderConfigGetter interface {
|
||||||
|
Get() (ProviderConfig, error)
|
||||||
|
}
|
||||||
|
|
||||||
|
type ProviderConfigSetter interface {
|
||||||
|
Set(ProviderConfig) error
|
||||||
|
}
|
||||||
|
|
||||||
|
type ProviderConfigSyncer struct {
|
||||||
|
from ProviderConfigGetter
|
||||||
|
to ProviderConfigSetter
|
||||||
|
clock clockwork.Clock
|
||||||
|
|
||||||
|
initialSyncDone bool
|
||||||
|
initialSyncWait sync.WaitGroup
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewProviderConfigSyncer(from ProviderConfigGetter, to ProviderConfigSetter) *ProviderConfigSyncer {
|
||||||
|
return &ProviderConfigSyncer{
|
||||||
|
from: from,
|
||||||
|
to: to,
|
||||||
|
clock: clockwork.NewRealClock(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *ProviderConfigSyncer) Run() chan struct{} {
|
||||||
|
stop := make(chan struct{})
|
||||||
|
|
||||||
|
var next pcsStepper
|
||||||
|
next = &pcsStepNext{aft: time.Duration(0)}
|
||||||
|
|
||||||
|
s.initialSyncWait.Add(1)
|
||||||
|
go func() {
|
||||||
|
for {
|
||||||
|
select {
|
||||||
|
case <-s.clock.After(next.after()):
|
||||||
|
next = next.step(s.sync)
|
||||||
|
case <-stop:
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
|
||||||
|
return stop
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *ProviderConfigSyncer) WaitUntilInitialSync() {
|
||||||
|
s.initialSyncWait.Wait()
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *ProviderConfigSyncer) sync() (time.Duration, error) {
|
||||||
|
cfg, err := s.from.Get()
|
||||||
|
if err != nil {
|
||||||
|
return 0, err
|
||||||
|
}
|
||||||
|
|
||||||
|
if err = s.to.Set(cfg); err != nil {
|
||||||
|
return 0, fmt.Errorf("error setting provider config: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if !s.initialSyncDone {
|
||||||
|
s.initialSyncWait.Done()
|
||||||
|
s.initialSyncDone = true
|
||||||
|
}
|
||||||
|
|
||||||
|
return nextSyncAfter(cfg.ExpiresAt, s.clock), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
type pcsStepFunc func() (time.Duration, error)
|
||||||
|
|
||||||
|
type pcsStepper interface {
|
||||||
|
after() time.Duration
|
||||||
|
step(pcsStepFunc) pcsStepper
|
||||||
|
}
|
||||||
|
|
||||||
|
type pcsStepNext struct {
|
||||||
|
aft time.Duration
|
||||||
|
}
|
||||||
|
|
||||||
|
func (n *pcsStepNext) after() time.Duration {
|
||||||
|
return n.aft
|
||||||
|
}
|
||||||
|
|
||||||
|
func (n *pcsStepNext) step(fn pcsStepFunc) (next pcsStepper) {
|
||||||
|
ttl, err := fn()
|
||||||
|
if err == nil {
|
||||||
|
next = &pcsStepNext{aft: ttl}
|
||||||
|
} else {
|
||||||
|
next = &pcsStepRetry{aft: time.Second}
|
||||||
|
log.Printf("go-oidc: provider config sync falied, retyring in %v: %v", next.after(), err)
|
||||||
|
}
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
type pcsStepRetry struct {
|
||||||
|
aft time.Duration
|
||||||
|
}
|
||||||
|
|
||||||
|
func (r *pcsStepRetry) after() time.Duration {
|
||||||
|
return r.aft
|
||||||
|
}
|
||||||
|
|
||||||
|
func (r *pcsStepRetry) step(fn pcsStepFunc) (next pcsStepper) {
|
||||||
|
ttl, err := fn()
|
||||||
|
if err == nil {
|
||||||
|
next = &pcsStepNext{aft: ttl}
|
||||||
|
} else {
|
||||||
|
next = &pcsStepRetry{aft: timeutil.ExpBackoff(r.aft, time.Minute)}
|
||||||
|
log.Printf("go-oidc: provider config sync falied, retyring in %v: %v", next.after(), err)
|
||||||
|
}
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
func nextSyncAfter(exp time.Time, clock clockwork.Clock) time.Duration {
|
||||||
|
if exp.IsZero() {
|
||||||
|
return MaximumProviderConfigSyncInterval
|
||||||
|
}
|
||||||
|
|
||||||
|
t := exp.Sub(clock.Now()) / 2
|
||||||
|
if t > MaximumProviderConfigSyncInterval {
|
||||||
|
t = MaximumProviderConfigSyncInterval
|
||||||
|
} else if t < minimumProviderConfigSyncInterval {
|
||||||
|
t = minimumProviderConfigSyncInterval
|
||||||
|
}
|
||||||
|
|
||||||
|
return t
|
||||||
|
}
|
||||||
|
|
||||||
|
type httpProviderConfigGetter struct {
|
||||||
|
hc phttp.Client
|
||||||
|
issuerURL string
|
||||||
|
clock clockwork.Clock
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewHTTPProviderConfigGetter(hc phttp.Client, issuerURL string) *httpProviderConfigGetter {
|
||||||
|
return &httpProviderConfigGetter{
|
||||||
|
hc: hc,
|
||||||
|
issuerURL: issuerURL,
|
||||||
|
clock: clockwork.NewRealClock(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (r *httpProviderConfigGetter) Get() (cfg ProviderConfig, err error) {
|
||||||
|
// If the Issuer value contains a path component, any terminating / MUST be removed before
|
||||||
|
// appending /.well-known/openid-configuration.
|
||||||
|
// https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest
|
||||||
|
discoveryURL := strings.TrimSuffix(r.issuerURL, "/") + discoveryConfigPath
|
||||||
|
req, err := http.NewRequest("GET", discoveryURL, nil)
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
resp, err := r.hc.Do(req)
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
|
|
||||||
|
if err = json.NewDecoder(resp.Body).Decode(&cfg); err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
var ttl time.Duration
|
||||||
|
var ok bool
|
||||||
|
ttl, ok, err = phttp.Cacheable(resp.Header)
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
} else if ok {
|
||||||
|
cfg.ExpiresAt = r.clock.Now().UTC().Add(ttl)
|
||||||
|
}
|
||||||
|
|
||||||
|
// The issuer value returned MUST be identical to the Issuer URL that was directly used to retrieve the configuration information.
|
||||||
|
// http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationValidation
|
||||||
|
if !urlEqual(cfg.Issuer.String(), r.issuerURL) {
|
||||||
|
err = fmt.Errorf(`"issuer" in config (%v) does not match provided issuer URL (%v)`, cfg.Issuer, r.issuerURL)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
func FetchProviderConfig(hc phttp.Client, issuerURL string) (ProviderConfig, error) {
|
||||||
|
if hc == nil {
|
||||||
|
hc = http.DefaultClient
|
||||||
|
}
|
||||||
|
|
||||||
|
g := NewHTTPProviderConfigGetter(hc, issuerURL)
|
||||||
|
return g.Get()
|
||||||
|
}
|
||||||
|
|
||||||
|
func WaitForProviderConfig(hc phttp.Client, issuerURL string) (pcfg ProviderConfig) {
|
||||||
|
return waitForProviderConfig(hc, issuerURL, clockwork.NewRealClock())
|
||||||
|
}
|
||||||
|
|
||||||
|
func waitForProviderConfig(hc phttp.Client, issuerURL string, clock clockwork.Clock) (pcfg ProviderConfig) {
|
||||||
|
var sleep time.Duration
|
||||||
|
var err error
|
||||||
|
for {
|
||||||
|
pcfg, err = FetchProviderConfig(hc, issuerURL)
|
||||||
|
if err == nil {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
|
||||||
|
sleep = timeutil.ExpBackoff(sleep, time.Minute)
|
||||||
|
fmt.Printf("Failed fetching provider config, trying again in %v: %v\n", sleep, err)
|
||||||
|
time.Sleep(sleep)
|
||||||
|
}
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
88
vendor/github.com/coreos/go-oidc/oidc/transport.go
generated
vendored
Normal file
88
vendor/github.com/coreos/go-oidc/oidc/transport.go
generated
vendored
Normal file
|
@ -0,0 +1,88 @@
|
||||||
|
package oidc
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"net/http"
|
||||||
|
"sync"
|
||||||
|
|
||||||
|
phttp "github.com/coreos/go-oidc/http"
|
||||||
|
"github.com/coreos/go-oidc/jose"
|
||||||
|
)
|
||||||
|
|
||||||
|
type TokenRefresher interface {
|
||||||
|
// Verify checks if the provided token is currently valid or not.
|
||||||
|
Verify(jose.JWT) error
|
||||||
|
|
||||||
|
// Refresh attempts to authenticate and retrieve a new token.
|
||||||
|
Refresh() (jose.JWT, error)
|
||||||
|
}
|
||||||
|
|
||||||
|
type ClientCredsTokenRefresher struct {
|
||||||
|
Issuer string
|
||||||
|
OIDCClient *Client
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *ClientCredsTokenRefresher) Verify(jwt jose.JWT) (err error) {
|
||||||
|
_, err = VerifyClientClaims(jwt, c.Issuer)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *ClientCredsTokenRefresher) Refresh() (jwt jose.JWT, err error) {
|
||||||
|
if err = c.OIDCClient.Healthy(); err != nil {
|
||||||
|
err = fmt.Errorf("unable to authenticate, unhealthy OIDC client: %v", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
jwt, err = c.OIDCClient.ClientCredsToken([]string{"openid"})
|
||||||
|
if err != nil {
|
||||||
|
err = fmt.Errorf("unable to verify auth code with issuer: %v", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
type AuthenticatedTransport struct {
|
||||||
|
TokenRefresher
|
||||||
|
http.RoundTripper
|
||||||
|
|
||||||
|
mu sync.Mutex
|
||||||
|
jwt jose.JWT
|
||||||
|
}
|
||||||
|
|
||||||
|
func (t *AuthenticatedTransport) verifiedJWT() (jose.JWT, error) {
|
||||||
|
t.mu.Lock()
|
||||||
|
defer t.mu.Unlock()
|
||||||
|
|
||||||
|
if t.TokenRefresher.Verify(t.jwt) == nil {
|
||||||
|
return t.jwt, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
jwt, err := t.TokenRefresher.Refresh()
|
||||||
|
if err != nil {
|
||||||
|
return jose.JWT{}, fmt.Errorf("unable to acquire valid JWT: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
t.jwt = jwt
|
||||||
|
return t.jwt, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetJWT sets the JWT held by the Transport.
|
||||||
|
// This is useful for cases in which you want to set an initial JWT.
|
||||||
|
func (t *AuthenticatedTransport) SetJWT(jwt jose.JWT) {
|
||||||
|
t.mu.Lock()
|
||||||
|
defer t.mu.Unlock()
|
||||||
|
|
||||||
|
t.jwt = jwt
|
||||||
|
}
|
||||||
|
|
||||||
|
func (t *AuthenticatedTransport) RoundTrip(r *http.Request) (*http.Response, error) {
|
||||||
|
jwt, err := t.verifiedJWT()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
req := phttp.CopyRequest(r)
|
||||||
|
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", jwt.Encode()))
|
||||||
|
return t.RoundTripper.RoundTrip(req)
|
||||||
|
}
|
109
vendor/github.com/coreos/go-oidc/oidc/util.go
generated
vendored
Normal file
109
vendor/github.com/coreos/go-oidc/oidc/util.go
generated
vendored
Normal file
|
@ -0,0 +1,109 @@
|
||||||
|
package oidc
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto/rand"
|
||||||
|
"encoding/base64"
|
||||||
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
"net"
|
||||||
|
"net/http"
|
||||||
|
"net/url"
|
||||||
|
"strings"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/coreos/go-oidc/jose"
|
||||||
|
)
|
||||||
|
|
||||||
|
// RequestTokenExtractor funcs extract a raw encoded token from a request.
|
||||||
|
type RequestTokenExtractor func(r *http.Request) (string, error)
|
||||||
|
|
||||||
|
// ExtractBearerToken is a RequestTokenExtractor which extracts a bearer token from a request's
|
||||||
|
// Authorization header.
|
||||||
|
func ExtractBearerToken(r *http.Request) (string, error) {
|
||||||
|
ah := r.Header.Get("Authorization")
|
||||||
|
if ah == "" {
|
||||||
|
return "", errors.New("missing Authorization header")
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(ah) <= 6 || strings.ToUpper(ah[0:6]) != "BEARER" {
|
||||||
|
return "", errors.New("should be a bearer token")
|
||||||
|
}
|
||||||
|
|
||||||
|
val := ah[7:]
|
||||||
|
if len(val) == 0 {
|
||||||
|
return "", errors.New("bearer token is empty")
|
||||||
|
}
|
||||||
|
|
||||||
|
return val, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// CookieTokenExtractor returns a RequestTokenExtractor which extracts a token from the named cookie in a request.
|
||||||
|
func CookieTokenExtractor(cookieName string) RequestTokenExtractor {
|
||||||
|
return func(r *http.Request) (string, error) {
|
||||||
|
ck, err := r.Cookie(cookieName)
|
||||||
|
if err != nil {
|
||||||
|
return "", fmt.Errorf("token cookie not found in request: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if ck.Value == "" {
|
||||||
|
return "", errors.New("token cookie found but is empty")
|
||||||
|
}
|
||||||
|
|
||||||
|
return ck.Value, nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewClaims(iss, sub string, aud interface{}, iat, exp time.Time) jose.Claims {
|
||||||
|
return jose.Claims{
|
||||||
|
// required
|
||||||
|
"iss": iss,
|
||||||
|
"sub": sub,
|
||||||
|
"aud": aud,
|
||||||
|
"iat": iat.Unix(),
|
||||||
|
"exp": exp.Unix(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func GenClientID(hostport string) (string, error) {
|
||||||
|
b, err := randBytes(32)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
var host string
|
||||||
|
if strings.Contains(hostport, ":") {
|
||||||
|
host, _, err = net.SplitHostPort(hostport)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
host = hostport
|
||||||
|
}
|
||||||
|
|
||||||
|
return fmt.Sprintf("%s@%s", base64.URLEncoding.EncodeToString(b), host), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func randBytes(n int) ([]byte, error) {
|
||||||
|
b := make([]byte, n)
|
||||||
|
got, err := rand.Read(b)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
} else if n != got {
|
||||||
|
return nil, errors.New("unable to generate enough random data")
|
||||||
|
}
|
||||||
|
return b, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// urlEqual checks two urls for equality using only the host and path portions.
|
||||||
|
func urlEqual(url1, url2 string) bool {
|
||||||
|
u1, err := url.Parse(url1)
|
||||||
|
if err != nil {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
u2, err := url.Parse(url2)
|
||||||
|
if err != nil {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
return strings.ToLower(u1.Host+u1.Path) == strings.ToLower(u2.Host+u2.Path)
|
||||||
|
}
|
190
vendor/github.com/coreos/go-oidc/oidc/verification.go
generated
vendored
Normal file
190
vendor/github.com/coreos/go-oidc/oidc/verification.go
generated
vendored
Normal file
|
@ -0,0 +1,190 @@
|
||||||
|
package oidc
|
||||||
|
|
||||||
|
import (
|
||||||
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/jonboulle/clockwork"
|
||||||
|
|
||||||
|
"github.com/coreos/go-oidc/jose"
|
||||||
|
"github.com/coreos/go-oidc/key"
|
||||||
|
)
|
||||||
|
|
||||||
|
func VerifySignature(jwt jose.JWT, keys []key.PublicKey) (bool, error) {
|
||||||
|
jwtBytes := []byte(jwt.Data())
|
||||||
|
for _, k := range keys {
|
||||||
|
v, err := k.Verifier()
|
||||||
|
if err != nil {
|
||||||
|
return false, err
|
||||||
|
}
|
||||||
|
if v.Verify(jwt.Signature, jwtBytes) == nil {
|
||||||
|
return true, nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// containsString returns true if the given string(needle) is found
|
||||||
|
// in the string array(haystack).
|
||||||
|
func containsString(needle string, haystack []string) bool {
|
||||||
|
for _, v := range haystack {
|
||||||
|
if v == needle {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
// Verify claims in accordance with OIDC spec
|
||||||
|
// http://openid.net/specs/openid-connect-basic-1_0.html#IDTokenValidation
|
||||||
|
func VerifyClaims(jwt jose.JWT, issuer, clientID string) error {
|
||||||
|
now := time.Now().UTC()
|
||||||
|
|
||||||
|
claims, err := jwt.Claims()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
ident, err := IdentityFromClaims(claims)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if ident.ExpiresAt.Before(now) {
|
||||||
|
return errors.New("token is expired")
|
||||||
|
}
|
||||||
|
|
||||||
|
// iss REQUIRED. Issuer Identifier for the Issuer of the response.
|
||||||
|
// The iss value is a case sensitive URL using the https scheme that contains scheme,
|
||||||
|
// host, and optionally, port number and path components and no query or fragment components.
|
||||||
|
if iss, exists := claims["iss"].(string); exists {
|
||||||
|
if !urlEqual(iss, issuer) {
|
||||||
|
return fmt.Errorf("invalid claim value: 'iss'. expected=%s, found=%s.", issuer, iss)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
return errors.New("missing claim: 'iss'")
|
||||||
|
}
|
||||||
|
|
||||||
|
// iat REQUIRED. Time at which the JWT was issued.
|
||||||
|
// Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z
|
||||||
|
// as measured in UTC until the date/time.
|
||||||
|
if _, exists := claims["iat"].(float64); !exists {
|
||||||
|
return errors.New("missing claim: 'iat'")
|
||||||
|
}
|
||||||
|
|
||||||
|
// aud REQUIRED. Audience(s) that this ID Token is intended for.
|
||||||
|
// It MUST contain the OAuth 2.0 client_id of the Relying Party as an audience value.
|
||||||
|
// It MAY also contain identifiers for other audiences. In the general case, the aud
|
||||||
|
// value is an array of case sensitive strings. In the common special case when there
|
||||||
|
// is one audience, the aud value MAY be a single case sensitive string.
|
||||||
|
if aud, ok, err := claims.StringClaim("aud"); err == nil && ok {
|
||||||
|
if aud != clientID {
|
||||||
|
return fmt.Errorf("invalid claims, 'aud' claim and 'client_id' do not match, aud=%s, client_id=%s", aud, clientID)
|
||||||
|
}
|
||||||
|
} else if aud, ok, err := claims.StringsClaim("aud"); err == nil && ok {
|
||||||
|
if !containsString(clientID, aud) {
|
||||||
|
return fmt.Errorf("invalid claims, cannot find 'client_id' in 'aud' claim, aud=%v, client_id=%s", aud, clientID)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
return errors.New("invalid claim value: 'aud' is required, and should be either string or string array")
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// VerifyClientClaims verifies all the required claims are valid for a "client credentials" JWT.
|
||||||
|
// Returns the client ID if valid, or an error if invalid.
|
||||||
|
func VerifyClientClaims(jwt jose.JWT, issuer string) (string, error) {
|
||||||
|
claims, err := jwt.Claims()
|
||||||
|
if err != nil {
|
||||||
|
return "", fmt.Errorf("failed to parse JWT claims: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
iss, ok, err := claims.StringClaim("iss")
|
||||||
|
if err != nil {
|
||||||
|
return "", fmt.Errorf("failed to parse 'iss' claim: %v", err)
|
||||||
|
} else if !ok {
|
||||||
|
return "", errors.New("missing required 'iss' claim")
|
||||||
|
} else if !urlEqual(iss, issuer) {
|
||||||
|
return "", fmt.Errorf("'iss' claim does not match expected issuer, iss=%s", iss)
|
||||||
|
}
|
||||||
|
|
||||||
|
sub, ok, err := claims.StringClaim("sub")
|
||||||
|
if err != nil {
|
||||||
|
return "", fmt.Errorf("failed to parse 'sub' claim: %v", err)
|
||||||
|
} else if !ok {
|
||||||
|
return "", errors.New("missing required 'sub' claim")
|
||||||
|
}
|
||||||
|
|
||||||
|
if aud, ok, err := claims.StringClaim("aud"); err == nil && ok {
|
||||||
|
if aud != sub {
|
||||||
|
return "", fmt.Errorf("invalid claims, 'aud' claim and 'sub' claim do not match, aud=%s, sub=%s", aud, sub)
|
||||||
|
}
|
||||||
|
} else if aud, ok, err := claims.StringsClaim("aud"); err == nil && ok {
|
||||||
|
if !containsString(sub, aud) {
|
||||||
|
return "", fmt.Errorf("invalid claims, cannot find 'sud' in 'aud' claim, aud=%v, sub=%s", aud, sub)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
return "", errors.New("invalid claim value: 'aud' is required, and should be either string or string array")
|
||||||
|
}
|
||||||
|
|
||||||
|
now := time.Now().UTC()
|
||||||
|
exp, ok, err := claims.TimeClaim("exp")
|
||||||
|
if err != nil {
|
||||||
|
return "", fmt.Errorf("failed to parse 'exp' claim: %v", err)
|
||||||
|
} else if !ok {
|
||||||
|
return "", errors.New("missing required 'exp' claim")
|
||||||
|
} else if exp.Before(now) {
|
||||||
|
return "", fmt.Errorf("token already expired at: %v", exp)
|
||||||
|
}
|
||||||
|
|
||||||
|
return sub, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
type JWTVerifier struct {
|
||||||
|
issuer string
|
||||||
|
clientID string
|
||||||
|
syncFunc func() error
|
||||||
|
keysFunc func() []key.PublicKey
|
||||||
|
clock clockwork.Clock
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewJWTVerifier(issuer, clientID string, syncFunc func() error, keysFunc func() []key.PublicKey) JWTVerifier {
|
||||||
|
return JWTVerifier{
|
||||||
|
issuer: issuer,
|
||||||
|
clientID: clientID,
|
||||||
|
syncFunc: syncFunc,
|
||||||
|
keysFunc: keysFunc,
|
||||||
|
clock: clockwork.NewRealClock(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (v *JWTVerifier) Verify(jwt jose.JWT) error {
|
||||||
|
// Verify claims before verifying the signature. This is an optimization to throw out
|
||||||
|
// tokens we know are invalid without undergoing an expensive signature check and
|
||||||
|
// possibly a re-sync event.
|
||||||
|
if err := VerifyClaims(jwt, v.issuer, v.clientID); err != nil {
|
||||||
|
return fmt.Errorf("oidc: JWT claims invalid: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
ok, err := VerifySignature(jwt, v.keysFunc())
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("oidc: JWT signature verification failed: %v", err)
|
||||||
|
} else if ok {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
if err = v.syncFunc(); err != nil {
|
||||||
|
return fmt.Errorf("oidc: failed syncing KeySet: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
ok, err = VerifySignature(jwt, v.keysFunc())
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("oidc: JWT signature verification failed: %v", err)
|
||||||
|
} else if !ok {
|
||||||
|
return errors.New("oidc: unable to verify JWT signature: no matching keys")
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
202
vendor/github.com/coreos/pkg/LICENSE
generated
vendored
Normal file
202
vendor/github.com/coreos/pkg/LICENSE
generated
vendored
Normal file
|
@ -0,0 +1,202 @@
|
||||||
|
Apache License
|
||||||
|
Version 2.0, January 2004
|
||||||
|
http://www.apache.org/licenses/
|
||||||
|
|
||||||
|
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||||
|
|
||||||
|
1. Definitions.
|
||||||
|
|
||||||
|
"License" shall mean the terms and conditions for use, reproduction,
|
||||||
|
and distribution as defined by Sections 1 through 9 of this document.
|
||||||
|
|
||||||
|
"Licensor" shall mean the copyright owner or entity authorized by
|
||||||
|
the copyright owner that is granting the License.
|
||||||
|
|
||||||
|
"Legal Entity" shall mean the union of the acting entity and all
|
||||||
|
other entities that control, are controlled by, or are under common
|
||||||
|
control with that entity. For the purposes of this definition,
|
||||||
|
"control" means (i) the power, direct or indirect, to cause the
|
||||||
|
direction or management of such entity, whether by contract or
|
||||||
|
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||||
|
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||||
|
|
||||||
|
"You" (or "Your") shall mean an individual or Legal Entity
|
||||||
|
exercising permissions granted by this License.
|
||||||
|
|
||||||
|
"Source" form shall mean the preferred form for making modifications,
|
||||||
|
including but not limited to software source code, documentation
|
||||||
|
source, and configuration files.
|
||||||
|
|
||||||
|
"Object" form shall mean any form resulting from mechanical
|
||||||
|
transformation or translation of a Source form, including but
|
||||||
|
not limited to compiled object code, generated documentation,
|
||||||
|
and conversions to other media types.
|
||||||
|
|
||||||
|
"Work" shall mean the work of authorship, whether in Source or
|
||||||
|
Object form, made available under the License, as indicated by a
|
||||||
|
copyright notice that is included in or attached to the work
|
||||||
|
(an example is provided in the Appendix below).
|
||||||
|
|
||||||
|
"Derivative Works" shall mean any work, whether in Source or Object
|
||||||
|
form, that is based on (or derived from) the Work and for which the
|
||||||
|
editorial revisions, annotations, elaborations, or other modifications
|
||||||
|
represent, as a whole, an original work of authorship. For the purposes
|
||||||
|
of this License, Derivative Works shall not include works that remain
|
||||||
|
separable from, or merely link (or bind by name) to the interfaces of,
|
||||||
|
the Work and Derivative Works thereof.
|
||||||
|
|
||||||
|
"Contribution" shall mean any work of authorship, including
|
||||||
|
the original version of the Work and any modifications or additions
|
||||||
|
to that Work or Derivative Works thereof, that is intentionally
|
||||||
|
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||||
|
or by an individual or Legal Entity authorized to submit on behalf of
|
||||||
|
the copyright owner. For the purposes of this definition, "submitted"
|
||||||
|
means any form of electronic, verbal, or written communication sent
|
||||||
|
to the Licensor or its representatives, including but not limited to
|
||||||
|
communication on electronic mailing lists, source code control systems,
|
||||||
|
and issue tracking systems that are managed by, or on behalf of, the
|
||||||
|
Licensor for the purpose of discussing and improving the Work, but
|
||||||
|
excluding communication that is conspicuously marked or otherwise
|
||||||
|
designated in writing by the copyright owner as "Not a Contribution."
|
||||||
|
|
||||||
|
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||||
|
on behalf of whom a Contribution has been received by Licensor and
|
||||||
|
subsequently incorporated within the Work.
|
||||||
|
|
||||||
|
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||||
|
this License, each Contributor hereby grants to You a perpetual,
|
||||||
|
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||||
|
copyright license to reproduce, prepare Derivative Works of,
|
||||||
|
publicly display, publicly perform, sublicense, and distribute the
|
||||||
|
Work and such Derivative Works in Source or Object form.
|
||||||
|
|
||||||
|
3. Grant of Patent License. Subject to the terms and conditions of
|
||||||
|
this License, each Contributor hereby grants to You a perpetual,
|
||||||
|
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||||
|
(except as stated in this section) patent license to make, have made,
|
||||||
|
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||||
|
where such license applies only to those patent claims licensable
|
||||||
|
by such Contributor that are necessarily infringed by their
|
||||||
|
Contribution(s) alone or by combination of their Contribution(s)
|
||||||
|
with the Work to which such Contribution(s) was submitted. If You
|
||||||
|
institute patent litigation against any entity (including a
|
||||||
|
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||||
|
or a Contribution incorporated within the Work constitutes direct
|
||||||
|
or contributory patent infringement, then any patent licenses
|
||||||
|
granted to You under this License for that Work shall terminate
|
||||||
|
as of the date such litigation is filed.
|
||||||
|
|
||||||
|
4. Redistribution. You may reproduce and distribute copies of the
|
||||||
|
Work or Derivative Works thereof in any medium, with or without
|
||||||
|
modifications, and in Source or Object form, provided that You
|
||||||
|
meet the following conditions:
|
||||||
|
|
||||||
|
(a) You must give any other recipients of the Work or
|
||||||
|
Derivative Works a copy of this License; and
|
||||||
|
|
||||||
|
(b) You must cause any modified files to carry prominent notices
|
||||||
|
stating that You changed the files; and
|
||||||
|
|
||||||
|
(c) You must retain, in the Source form of any Derivative Works
|
||||||
|
that You distribute, all copyright, patent, trademark, and
|
||||||
|
attribution notices from the Source form of the Work,
|
||||||
|
excluding those notices that do not pertain to any part of
|
||||||
|
the Derivative Works; and
|
||||||
|
|
||||||
|
(d) If the Work includes a "NOTICE" text file as part of its
|
||||||
|
distribution, then any Derivative Works that You distribute must
|
||||||
|
include a readable copy of the attribution notices contained
|
||||||
|
within such NOTICE file, excluding those notices that do not
|
||||||
|
pertain to any part of the Derivative Works, in at least one
|
||||||
|
of the following places: within a NOTICE text file distributed
|
||||||
|
as part of the Derivative Works; within the Source form or
|
||||||
|
documentation, if provided along with the Derivative Works; or,
|
||||||
|
within a display generated by the Derivative Works, if and
|
||||||
|
wherever such third-party notices normally appear. The contents
|
||||||
|
of the NOTICE file are for informational purposes only and
|
||||||
|
do not modify the License. You may add Your own attribution
|
||||||
|
notices within Derivative Works that You distribute, alongside
|
||||||
|
or as an addendum to the NOTICE text from the Work, provided
|
||||||
|
that such additional attribution notices cannot be construed
|
||||||
|
as modifying the License.
|
||||||
|
|
||||||
|
You may add Your own copyright statement to Your modifications and
|
||||||
|
may provide additional or different license terms and conditions
|
||||||
|
for use, reproduction, or distribution of Your modifications, or
|
||||||
|
for any such Derivative Works as a whole, provided Your use,
|
||||||
|
reproduction, and distribution of the Work otherwise complies with
|
||||||
|
the conditions stated in this License.
|
||||||
|
|
||||||
|
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||||
|
any Contribution intentionally submitted for inclusion in the Work
|
||||||
|
by You to the Licensor shall be under the terms and conditions of
|
||||||
|
this License, without any additional terms or conditions.
|
||||||
|
Notwithstanding the above, nothing herein shall supersede or modify
|
||||||
|
the terms of any separate license agreement you may have executed
|
||||||
|
with Licensor regarding such Contributions.
|
||||||
|
|
||||||
|
6. Trademarks. This License does not grant permission to use the trade
|
||||||
|
names, trademarks, service marks, or product names of the Licensor,
|
||||||
|
except as required for reasonable and customary use in describing the
|
||||||
|
origin of the Work and reproducing the content of the NOTICE file.
|
||||||
|
|
||||||
|
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||||
|
agreed to in writing, Licensor provides the Work (and each
|
||||||
|
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||||
|
implied, including, without limitation, any warranties or conditions
|
||||||
|
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||||
|
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||||
|
appropriateness of using or redistributing the Work and assume any
|
||||||
|
risks associated with Your exercise of permissions under this License.
|
||||||
|
|
||||||
|
8. Limitation of Liability. In no event and under no legal theory,
|
||||||
|
whether in tort (including negligence), contract, or otherwise,
|
||||||
|
unless required by applicable law (such as deliberate and grossly
|
||||||
|
negligent acts) or agreed to in writing, shall any Contributor be
|
||||||
|
liable to You for damages, including any direct, indirect, special,
|
||||||
|
incidental, or consequential damages of any character arising as a
|
||||||
|
result of this License or out of the use or inability to use the
|
||||||
|
Work (including but not limited to damages for loss of goodwill,
|
||||||
|
work stoppage, computer failure or malfunction, or any and all
|
||||||
|
other commercial damages or losses), even if such Contributor
|
||||||
|
has been advised of the possibility of such damages.
|
||||||
|
|
||||||
|
9. Accepting Warranty or Additional Liability. While redistributing
|
||||||
|
the Work or Derivative Works thereof, You may choose to offer,
|
||||||
|
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||||
|
or other liability obligations and/or rights consistent with this
|
||||||
|
License. However, in accepting such obligations, You may act only
|
||||||
|
on Your own behalf and on Your sole responsibility, not on behalf
|
||||||
|
of any other Contributor, and only if You agree to indemnify,
|
||||||
|
defend, and hold each Contributor harmless for any liability
|
||||||
|
incurred by, or claims asserted against, such Contributor by reason
|
||||||
|
of your accepting any such warranty or additional liability.
|
||||||
|
|
||||||
|
END OF TERMS AND CONDITIONS
|
||||||
|
|
||||||
|
APPENDIX: How to apply the Apache License to your work.
|
||||||
|
|
||||||
|
To apply the Apache License to your work, attach the following
|
||||||
|
boilerplate notice, with the fields enclosed by brackets "{}"
|
||||||
|
replaced with your own identifying information. (Don't include
|
||||||
|
the brackets!) The text should be enclosed in the appropriate
|
||||||
|
comment syntax for the file format. We also recommend that a
|
||||||
|
file or class name and description of purpose be included on the
|
||||||
|
same "printed page" as the copyright notice for easier
|
||||||
|
identification within third-party archives.
|
||||||
|
|
||||||
|
Copyright {yyyy} {name of copyright owner}
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
|
5
vendor/github.com/coreos/pkg/NOTICE
generated
vendored
Normal file
5
vendor/github.com/coreos/pkg/NOTICE
generated
vendored
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
CoreOS Project
|
||||||
|
Copyright 2014 CoreOS, Inc
|
||||||
|
|
||||||
|
This product includes software developed at CoreOS, Inc.
|
||||||
|
(http://www.coreos.com/).
|
127
vendor/github.com/coreos/pkg/health/health.go
generated
vendored
Normal file
127
vendor/github.com/coreos/pkg/health/health.go
generated
vendored
Normal file
|
@ -0,0 +1,127 @@
|
||||||
|
package health
|
||||||
|
|
||||||
|
import (
|
||||||
|
"expvar"
|
||||||
|
"fmt"
|
||||||
|
"log"
|
||||||
|
"net/http"
|
||||||
|
|
||||||
|
"github.com/coreos/pkg/httputil"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Checkables should return nil when the thing they are checking is healthy, and an error otherwise.
|
||||||
|
type Checkable interface {
|
||||||
|
Healthy() error
|
||||||
|
}
|
||||||
|
|
||||||
|
// Checker provides a way to make an endpoint which can be probed for system health.
|
||||||
|
type Checker struct {
|
||||||
|
// Checks are the Checkables to be checked when probing.
|
||||||
|
Checks []Checkable
|
||||||
|
|
||||||
|
// Unhealthyhandler is called when one or more of the checks are unhealthy.
|
||||||
|
// If not provided DefaultUnhealthyHandler is called.
|
||||||
|
UnhealthyHandler UnhealthyHandler
|
||||||
|
|
||||||
|
// HealthyHandler is called when all checks are healthy.
|
||||||
|
// If not provided, DefaultHealthyHandler is called.
|
||||||
|
HealthyHandler http.HandlerFunc
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c Checker) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||||
|
unhealthyHandler := c.UnhealthyHandler
|
||||||
|
if unhealthyHandler == nil {
|
||||||
|
unhealthyHandler = DefaultUnhealthyHandler
|
||||||
|
}
|
||||||
|
|
||||||
|
successHandler := c.HealthyHandler
|
||||||
|
if successHandler == nil {
|
||||||
|
successHandler = DefaultHealthyHandler
|
||||||
|
}
|
||||||
|
|
||||||
|
if r.Method != "GET" {
|
||||||
|
w.Header().Set("Allow", "GET")
|
||||||
|
w.WriteHeader(http.StatusMethodNotAllowed)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := Check(c.Checks); err != nil {
|
||||||
|
unhealthyHandler(w, r, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
successHandler(w, r)
|
||||||
|
}
|
||||||
|
|
||||||
|
type UnhealthyHandler func(w http.ResponseWriter, r *http.Request, err error)
|
||||||
|
|
||||||
|
type StatusResponse struct {
|
||||||
|
Status string `json:"status"`
|
||||||
|
Details *StatusResponseDetails `json:"details,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type StatusResponseDetails struct {
|
||||||
|
Code int `json:"code,omitempty"`
|
||||||
|
Message string `json:"message,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func Check(checks []Checkable) (err error) {
|
||||||
|
errs := []error{}
|
||||||
|
for _, c := range checks {
|
||||||
|
if e := c.Healthy(); e != nil {
|
||||||
|
errs = append(errs, e)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
switch len(errs) {
|
||||||
|
case 0:
|
||||||
|
err = nil
|
||||||
|
case 1:
|
||||||
|
err = errs[0]
|
||||||
|
default:
|
||||||
|
err = fmt.Errorf("multiple health check failure: %v", errs)
|
||||||
|
}
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
func DefaultHealthyHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
|
err := httputil.WriteJSONResponse(w, http.StatusOK, StatusResponse{
|
||||||
|
Status: "ok",
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
// TODO(bobbyrullo): replace with logging from new logging pkg,
|
||||||
|
// once it lands.
|
||||||
|
log.Printf("Failed to write JSON response: %v", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func DefaultUnhealthyHandler(w http.ResponseWriter, r *http.Request, err error) {
|
||||||
|
writeErr := httputil.WriteJSONResponse(w, http.StatusInternalServerError, StatusResponse{
|
||||||
|
Status: "error",
|
||||||
|
Details: &StatusResponseDetails{
|
||||||
|
Code: http.StatusInternalServerError,
|
||||||
|
Message: err.Error(),
|
||||||
|
},
|
||||||
|
})
|
||||||
|
if writeErr != nil {
|
||||||
|
// TODO(bobbyrullo): replace with logging from new logging pkg,
|
||||||
|
// once it lands.
|
||||||
|
log.Printf("Failed to write JSON response: %v", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// ExpvarHandler is copied from https://golang.org/src/expvar/expvar.go, where it's sadly unexported.
|
||||||
|
func ExpvarHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
|
w.Header().Set("Content-Type", "application/json; charset=utf-8")
|
||||||
|
fmt.Fprintf(w, "{\n")
|
||||||
|
first := true
|
||||||
|
expvar.Do(func(kv expvar.KeyValue) {
|
||||||
|
if !first {
|
||||||
|
fmt.Fprintf(w, ",\n")
|
||||||
|
}
|
||||||
|
first = false
|
||||||
|
fmt.Fprintf(w, "%q: %s", kv.Key, kv.Value)
|
||||||
|
})
|
||||||
|
fmt.Fprintf(w, "\n}\n")
|
||||||
|
}
|
21
vendor/github.com/coreos/pkg/httputil/cookie.go
generated
vendored
Normal file
21
vendor/github.com/coreos/pkg/httputil/cookie.go
generated
vendored
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
package httputil
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/http"
|
||||||
|
"time"
|
||||||
|
)
|
||||||
|
|
||||||
|
// DeleteCookies effectively deletes all named cookies
|
||||||
|
// by wiping all data and setting to expire immediately.
|
||||||
|
func DeleteCookies(w http.ResponseWriter, cookieNames ...string) {
|
||||||
|
for _, n := range cookieNames {
|
||||||
|
c := &http.Cookie{
|
||||||
|
Name: n,
|
||||||
|
Value: "",
|
||||||
|
Path: "/",
|
||||||
|
MaxAge: -1,
|
||||||
|
Expires: time.Time{},
|
||||||
|
}
|
||||||
|
http.SetCookie(w, c)
|
||||||
|
}
|
||||||
|
}
|
27
vendor/github.com/coreos/pkg/httputil/json.go
generated
vendored
Normal file
27
vendor/github.com/coreos/pkg/httputil/json.go
generated
vendored
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
package httputil
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/json"
|
||||||
|
"net/http"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
JSONContentType = "application/json"
|
||||||
|
)
|
||||||
|
|
||||||
|
func WriteJSONResponse(w http.ResponseWriter, code int, resp interface{}) error {
|
||||||
|
enc, err := json.Marshal(resp)
|
||||||
|
if err != nil {
|
||||||
|
w.WriteHeader(http.StatusInternalServerError)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
w.Header().Set("Content-Type", JSONContentType)
|
||||||
|
w.WriteHeader(code)
|
||||||
|
|
||||||
|
_, err = w.Write(enc)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
15
vendor/github.com/coreos/pkg/timeutil/backoff.go
generated
vendored
Normal file
15
vendor/github.com/coreos/pkg/timeutil/backoff.go
generated
vendored
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
package timeutil
|
||||||
|
|
||||||
|
import (
|
||||||
|
"time"
|
||||||
|
)
|
||||||
|
|
||||||
|
func ExpBackoff(prev, max time.Duration) time.Duration {
|
||||||
|
if prev == 0 {
|
||||||
|
return time.Second
|
||||||
|
}
|
||||||
|
if prev > max/2 {
|
||||||
|
return max
|
||||||
|
}
|
||||||
|
return 2 * prev
|
||||||
|
}
|
13
vendor/github.com/davecgh/go-spew/LICENSE
generated
vendored
Normal file
13
vendor/github.com/davecgh/go-spew/LICENSE
generated
vendored
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
Copyright (c) 2012-2013 Dave Collins <dave@davec.name>
|
||||||
|
|
||||||
|
Permission to use, copy, modify, and distribute this software for any
|
||||||
|
purpose with or without fee is hereby granted, provided that the above
|
||||||
|
copyright notice and this permission notice appear in all copies.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||||
|
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||||
|
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||||
|
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||||
|
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||||
|
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||||
|
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
151
vendor/github.com/davecgh/go-spew/spew/bypass.go
generated
vendored
Normal file
151
vendor/github.com/davecgh/go-spew/spew/bypass.go
generated
vendored
Normal file
|
@ -0,0 +1,151 @@
|
||||||
|
// Copyright (c) 2015 Dave Collins <dave@davec.name>
|
||||||
|
//
|
||||||
|
// Permission to use, copy, modify, and distribute this software for any
|
||||||
|
// purpose with or without fee is hereby granted, provided that the above
|
||||||
|
// copyright notice and this permission notice appear in all copies.
|
||||||
|
//
|
||||||
|
// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||||
|
// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||||
|
// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||||
|
// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||||
|
// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||||
|
// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||||
|
// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
|
|
||||||
|
// NOTE: Due to the following build constraints, this file will only be compiled
|
||||||
|
// when the code is not running on Google App Engine and "-tags disableunsafe"
|
||||||
|
// is not added to the go build command line.
|
||||||
|
// +build !appengine,!disableunsafe
|
||||||
|
|
||||||
|
package spew
|
||||||
|
|
||||||
|
import (
|
||||||
|
"reflect"
|
||||||
|
"unsafe"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
// UnsafeDisabled is a build-time constant which specifies whether or
|
||||||
|
// not access to the unsafe package is available.
|
||||||
|
UnsafeDisabled = false
|
||||||
|
|
||||||
|
// ptrSize is the size of a pointer on the current arch.
|
||||||
|
ptrSize = unsafe.Sizeof((*byte)(nil))
|
||||||
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
// offsetPtr, offsetScalar, and offsetFlag are the offsets for the
|
||||||
|
// internal reflect.Value fields. These values are valid before golang
|
||||||
|
// commit ecccf07e7f9d which changed the format. The are also valid
|
||||||
|
// after commit 82f48826c6c7 which changed the format again to mirror
|
||||||
|
// the original format. Code in the init function updates these offsets
|
||||||
|
// as necessary.
|
||||||
|
offsetPtr = uintptr(ptrSize)
|
||||||
|
offsetScalar = uintptr(0)
|
||||||
|
offsetFlag = uintptr(ptrSize * 2)
|
||||||
|
|
||||||
|
// flagKindWidth and flagKindShift indicate various bits that the
|
||||||
|
// reflect package uses internally to track kind information.
|
||||||
|
//
|
||||||
|
// flagRO indicates whether or not the value field of a reflect.Value is
|
||||||
|
// read-only.
|
||||||
|
//
|
||||||
|
// flagIndir indicates whether the value field of a reflect.Value is
|
||||||
|
// the actual data or a pointer to the data.
|
||||||
|
//
|
||||||
|
// These values are valid before golang commit 90a7c3c86944 which
|
||||||
|
// changed their positions. Code in the init function updates these
|
||||||
|
// flags as necessary.
|
||||||
|
flagKindWidth = uintptr(5)
|
||||||
|
flagKindShift = uintptr(flagKindWidth - 1)
|
||||||
|
flagRO = uintptr(1 << 0)
|
||||||
|
flagIndir = uintptr(1 << 1)
|
||||||
|
)
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
// Older versions of reflect.Value stored small integers directly in the
|
||||||
|
// ptr field (which is named val in the older versions). Versions
|
||||||
|
// between commits ecccf07e7f9d and 82f48826c6c7 added a new field named
|
||||||
|
// scalar for this purpose which unfortunately came before the flag
|
||||||
|
// field, so the offset of the flag field is different for those
|
||||||
|
// versions.
|
||||||
|
//
|
||||||
|
// This code constructs a new reflect.Value from a known small integer
|
||||||
|
// and checks if the size of the reflect.Value struct indicates it has
|
||||||
|
// the scalar field. When it does, the offsets are updated accordingly.
|
||||||
|
vv := reflect.ValueOf(0xf00)
|
||||||
|
if unsafe.Sizeof(vv) == (ptrSize * 4) {
|
||||||
|
offsetScalar = ptrSize * 2
|
||||||
|
offsetFlag = ptrSize * 3
|
||||||
|
}
|
||||||
|
|
||||||
|
// Commit 90a7c3c86944 changed the flag positions such that the low
|
||||||
|
// order bits are the kind. This code extracts the kind from the flags
|
||||||
|
// field and ensures it's the correct type. When it's not, the flag
|
||||||
|
// order has been changed to the newer format, so the flags are updated
|
||||||
|
// accordingly.
|
||||||
|
upf := unsafe.Pointer(uintptr(unsafe.Pointer(&vv)) + offsetFlag)
|
||||||
|
upfv := *(*uintptr)(upf)
|
||||||
|
flagKindMask := uintptr((1<<flagKindWidth - 1) << flagKindShift)
|
||||||
|
if (upfv&flagKindMask)>>flagKindShift != uintptr(reflect.Int) {
|
||||||
|
flagKindShift = 0
|
||||||
|
flagRO = 1 << 5
|
||||||
|
flagIndir = 1 << 6
|
||||||
|
|
||||||
|
// Commit adf9b30e5594 modified the flags to separate the
|
||||||
|
// flagRO flag into two bits which specifies whether or not the
|
||||||
|
// field is embedded. This causes flagIndir to move over a bit
|
||||||
|
// and means that flagRO is the combination of either of the
|
||||||
|
// original flagRO bit and the new bit.
|
||||||
|
//
|
||||||
|
// This code detects the change by extracting what used to be
|
||||||
|
// the indirect bit to ensure it's set. When it's not, the flag
|
||||||
|
// order has been changed to the newer format, so the flags are
|
||||||
|
// updated accordingly.
|
||||||
|
if upfv&flagIndir == 0 {
|
||||||
|
flagRO = 3 << 5
|
||||||
|
flagIndir = 1 << 7
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// unsafeReflectValue converts the passed reflect.Value into a one that bypasses
|
||||||
|
// the typical safety restrictions preventing access to unaddressable and
|
||||||
|
// unexported data. It works by digging the raw pointer to the underlying
|
||||||
|
// value out of the protected value and generating a new unprotected (unsafe)
|
||||||
|
// reflect.Value to it.
|
||||||
|
//
|
||||||
|
// This allows us to check for implementations of the Stringer and error
|
||||||
|
// interfaces to be used for pretty printing ordinarily unaddressable and
|
||||||
|
// inaccessible values such as unexported struct fields.
|
||||||
|
func unsafeReflectValue(v reflect.Value) (rv reflect.Value) {
|
||||||
|
indirects := 1
|
||||||
|
vt := v.Type()
|
||||||
|
upv := unsafe.Pointer(uintptr(unsafe.Pointer(&v)) + offsetPtr)
|
||||||
|
rvf := *(*uintptr)(unsafe.Pointer(uintptr(unsafe.Pointer(&v)) + offsetFlag))
|
||||||
|
if rvf&flagIndir != 0 {
|
||||||
|
vt = reflect.PtrTo(v.Type())
|
||||||
|
indirects++
|
||||||
|
} else if offsetScalar != 0 {
|
||||||
|
// The value is in the scalar field when it's not one of the
|
||||||
|
// reference types.
|
||||||
|
switch vt.Kind() {
|
||||||
|
case reflect.Uintptr:
|
||||||
|
case reflect.Chan:
|
||||||
|
case reflect.Func:
|
||||||
|
case reflect.Map:
|
||||||
|
case reflect.Ptr:
|
||||||
|
case reflect.UnsafePointer:
|
||||||
|
default:
|
||||||
|
upv = unsafe.Pointer(uintptr(unsafe.Pointer(&v)) +
|
||||||
|
offsetScalar)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pv := reflect.NewAt(vt, upv)
|
||||||
|
rv = pv
|
||||||
|
for i := 0; i < indirects; i++ {
|
||||||
|
rv = rv.Elem()
|
||||||
|
}
|
||||||
|
return rv
|
||||||
|
}
|
341
vendor/github.com/davecgh/go-spew/spew/common.go
generated
vendored
Normal file
341
vendor/github.com/davecgh/go-spew/spew/common.go
generated
vendored
Normal file
|
@ -0,0 +1,341 @@
|
||||||
|
/*
|
||||||
|
* Copyright (c) 2013 Dave Collins <dave@davec.name>
|
||||||
|
*
|
||||||
|
* Permission to use, copy, modify, and distribute this software for any
|
||||||
|
* purpose with or without fee is hereby granted, provided that the above
|
||||||
|
* copyright notice and this permission notice appear in all copies.
|
||||||
|
*
|
||||||
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||||
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||||
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||||
|
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||||
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||||
|
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||||
|
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package spew
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"fmt"
|
||||||
|
"io"
|
||||||
|
"reflect"
|
||||||
|
"sort"
|
||||||
|
"strconv"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Some constants in the form of bytes to avoid string overhead. This mirrors
|
||||||
|
// the technique used in the fmt package.
|
||||||
|
var (
|
||||||
|
panicBytes = []byte("(PANIC=")
|
||||||
|
plusBytes = []byte("+")
|
||||||
|
iBytes = []byte("i")
|
||||||
|
trueBytes = []byte("true")
|
||||||
|
falseBytes = []byte("false")
|
||||||
|
interfaceBytes = []byte("(interface {})")
|
||||||
|
commaNewlineBytes = []byte(",\n")
|
||||||
|
newlineBytes = []byte("\n")
|
||||||
|
openBraceBytes = []byte("{")
|
||||||
|
openBraceNewlineBytes = []byte("{\n")
|
||||||
|
closeBraceBytes = []byte("}")
|
||||||
|
asteriskBytes = []byte("*")
|
||||||
|
colonBytes = []byte(":")
|
||||||
|
colonSpaceBytes = []byte(": ")
|
||||||
|
openParenBytes = []byte("(")
|
||||||
|
closeParenBytes = []byte(")")
|
||||||
|
spaceBytes = []byte(" ")
|
||||||
|
pointerChainBytes = []byte("->")
|
||||||
|
nilAngleBytes = []byte("<nil>")
|
||||||
|
maxNewlineBytes = []byte("<max depth reached>\n")
|
||||||
|
maxShortBytes = []byte("<max>")
|
||||||
|
circularBytes = []byte("<already shown>")
|
||||||
|
circularShortBytes = []byte("<shown>")
|
||||||
|
invalidAngleBytes = []byte("<invalid>")
|
||||||
|
openBracketBytes = []byte("[")
|
||||||
|
closeBracketBytes = []byte("]")
|
||||||
|
percentBytes = []byte("%")
|
||||||
|
precisionBytes = []byte(".")
|
||||||
|
openAngleBytes = []byte("<")
|
||||||
|
closeAngleBytes = []byte(">")
|
||||||
|
openMapBytes = []byte("map[")
|
||||||
|
closeMapBytes = []byte("]")
|
||||||
|
lenEqualsBytes = []byte("len=")
|
||||||
|
capEqualsBytes = []byte("cap=")
|
||||||
|
)
|
||||||
|
|
||||||
|
// hexDigits is used to map a decimal value to a hex digit.
|
||||||
|
var hexDigits = "0123456789abcdef"
|
||||||
|
|
||||||
|
// catchPanic handles any panics that might occur during the handleMethods
|
||||||
|
// calls.
|
||||||
|
func catchPanic(w io.Writer, v reflect.Value) {
|
||||||
|
if err := recover(); err != nil {
|
||||||
|
w.Write(panicBytes)
|
||||||
|
fmt.Fprintf(w, "%v", err)
|
||||||
|
w.Write(closeParenBytes)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// handleMethods attempts to call the Error and String methods on the underlying
|
||||||
|
// type the passed reflect.Value represents and outputes the result to Writer w.
|
||||||
|
//
|
||||||
|
// It handles panics in any called methods by catching and displaying the error
|
||||||
|
// as the formatted value.
|
||||||
|
func handleMethods(cs *ConfigState, w io.Writer, v reflect.Value) (handled bool) {
|
||||||
|
// We need an interface to check if the type implements the error or
|
||||||
|
// Stringer interface. However, the reflect package won't give us an
|
||||||
|
// interface on certain things like unexported struct fields in order
|
||||||
|
// to enforce visibility rules. We use unsafe, when it's available,
|
||||||
|
// to bypass these restrictions since this package does not mutate the
|
||||||
|
// values.
|
||||||
|
if !v.CanInterface() {
|
||||||
|
if UnsafeDisabled {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
v = unsafeReflectValue(v)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Choose whether or not to do error and Stringer interface lookups against
|
||||||
|
// the base type or a pointer to the base type depending on settings.
|
||||||
|
// Technically calling one of these methods with a pointer receiver can
|
||||||
|
// mutate the value, however, types which choose to satisify an error or
|
||||||
|
// Stringer interface with a pointer receiver should not be mutating their
|
||||||
|
// state inside these interface methods.
|
||||||
|
if !cs.DisablePointerMethods && !UnsafeDisabled && !v.CanAddr() {
|
||||||
|
v = unsafeReflectValue(v)
|
||||||
|
}
|
||||||
|
if v.CanAddr() {
|
||||||
|
v = v.Addr()
|
||||||
|
}
|
||||||
|
|
||||||
|
// Is it an error or Stringer?
|
||||||
|
switch iface := v.Interface().(type) {
|
||||||
|
case error:
|
||||||
|
defer catchPanic(w, v)
|
||||||
|
if cs.ContinueOnMethod {
|
||||||
|
w.Write(openParenBytes)
|
||||||
|
w.Write([]byte(iface.Error()))
|
||||||
|
w.Write(closeParenBytes)
|
||||||
|
w.Write(spaceBytes)
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
w.Write([]byte(iface.Error()))
|
||||||
|
return true
|
||||||
|
|
||||||
|
case fmt.Stringer:
|
||||||
|
defer catchPanic(w, v)
|
||||||
|
if cs.ContinueOnMethod {
|
||||||
|
w.Write(openParenBytes)
|
||||||
|
w.Write([]byte(iface.String()))
|
||||||
|
w.Write(closeParenBytes)
|
||||||
|
w.Write(spaceBytes)
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
w.Write([]byte(iface.String()))
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
// printBool outputs a boolean value as true or false to Writer w.
|
||||||
|
func printBool(w io.Writer, val bool) {
|
||||||
|
if val {
|
||||||
|
w.Write(trueBytes)
|
||||||
|
} else {
|
||||||
|
w.Write(falseBytes)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// printInt outputs a signed integer value to Writer w.
|
||||||
|
func printInt(w io.Writer, val int64, base int) {
|
||||||
|
w.Write([]byte(strconv.FormatInt(val, base)))
|
||||||
|
}
|
||||||
|
|
||||||
|
// printUint outputs an unsigned integer value to Writer w.
|
||||||
|
func printUint(w io.Writer, val uint64, base int) {
|
||||||
|
w.Write([]byte(strconv.FormatUint(val, base)))
|
||||||
|
}
|
||||||
|
|
||||||
|
// printFloat outputs a floating point value using the specified precision,
|
||||||
|
// which is expected to be 32 or 64bit, to Writer w.
|
||||||
|
func printFloat(w io.Writer, val float64, precision int) {
|
||||||
|
w.Write([]byte(strconv.FormatFloat(val, 'g', -1, precision)))
|
||||||
|
}
|
||||||
|
|
||||||
|
// printComplex outputs a complex value using the specified float precision
|
||||||
|
// for the real and imaginary parts to Writer w.
|
||||||
|
func printComplex(w io.Writer, c complex128, floatPrecision int) {
|
||||||
|
r := real(c)
|
||||||
|
w.Write(openParenBytes)
|
||||||
|
w.Write([]byte(strconv.FormatFloat(r, 'g', -1, floatPrecision)))
|
||||||
|
i := imag(c)
|
||||||
|
if i >= 0 {
|
||||||
|
w.Write(plusBytes)
|
||||||
|
}
|
||||||
|
w.Write([]byte(strconv.FormatFloat(i, 'g', -1, floatPrecision)))
|
||||||
|
w.Write(iBytes)
|
||||||
|
w.Write(closeParenBytes)
|
||||||
|
}
|
||||||
|
|
||||||
|
// printHexPtr outputs a uintptr formatted as hexidecimal with a leading '0x'
|
||||||
|
// prefix to Writer w.
|
||||||
|
func printHexPtr(w io.Writer, p uintptr) {
|
||||||
|
// Null pointer.
|
||||||
|
num := uint64(p)
|
||||||
|
if num == 0 {
|
||||||
|
w.Write(nilAngleBytes)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Max uint64 is 16 bytes in hex + 2 bytes for '0x' prefix
|
||||||
|
buf := make([]byte, 18)
|
||||||
|
|
||||||
|
// It's simpler to construct the hex string right to left.
|
||||||
|
base := uint64(16)
|
||||||
|
i := len(buf) - 1
|
||||||
|
for num >= base {
|
||||||
|
buf[i] = hexDigits[num%base]
|
||||||
|
num /= base
|
||||||
|
i--
|
||||||
|
}
|
||||||
|
buf[i] = hexDigits[num]
|
||||||
|
|
||||||
|
// Add '0x' prefix.
|
||||||
|
i--
|
||||||
|
buf[i] = 'x'
|
||||||
|
i--
|
||||||
|
buf[i] = '0'
|
||||||
|
|
||||||
|
// Strip unused leading bytes.
|
||||||
|
buf = buf[i:]
|
||||||
|
w.Write(buf)
|
||||||
|
}
|
||||||
|
|
||||||
|
// valuesSorter implements sort.Interface to allow a slice of reflect.Value
|
||||||
|
// elements to be sorted.
|
||||||
|
type valuesSorter struct {
|
||||||
|
values []reflect.Value
|
||||||
|
strings []string // either nil or same len and values
|
||||||
|
cs *ConfigState
|
||||||
|
}
|
||||||
|
|
||||||
|
// newValuesSorter initializes a valuesSorter instance, which holds a set of
|
||||||
|
// surrogate keys on which the data should be sorted. It uses flags in
|
||||||
|
// ConfigState to decide if and how to populate those surrogate keys.
|
||||||
|
func newValuesSorter(values []reflect.Value, cs *ConfigState) sort.Interface {
|
||||||
|
vs := &valuesSorter{values: values, cs: cs}
|
||||||
|
if canSortSimply(vs.values[0].Kind()) {
|
||||||
|
return vs
|
||||||
|
}
|
||||||
|
if !cs.DisableMethods {
|
||||||
|
vs.strings = make([]string, len(values))
|
||||||
|
for i := range vs.values {
|
||||||
|
b := bytes.Buffer{}
|
||||||
|
if !handleMethods(cs, &b, vs.values[i]) {
|
||||||
|
vs.strings = nil
|
||||||
|
break
|
||||||
|
}
|
||||||
|
vs.strings[i] = b.String()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if vs.strings == nil && cs.SpewKeys {
|
||||||
|
vs.strings = make([]string, len(values))
|
||||||
|
for i := range vs.values {
|
||||||
|
vs.strings[i] = Sprintf("%#v", vs.values[i].Interface())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return vs
|
||||||
|
}
|
||||||
|
|
||||||
|
// canSortSimply tests whether a reflect.Kind is a primitive that can be sorted
|
||||||
|
// directly, or whether it should be considered for sorting by surrogate keys
|
||||||
|
// (if the ConfigState allows it).
|
||||||
|
func canSortSimply(kind reflect.Kind) bool {
|
||||||
|
// This switch parallels valueSortLess, except for the default case.
|
||||||
|
switch kind {
|
||||||
|
case reflect.Bool:
|
||||||
|
return true
|
||||||
|
case reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, reflect.Int:
|
||||||
|
return true
|
||||||
|
case reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uint:
|
||||||
|
return true
|
||||||
|
case reflect.Float32, reflect.Float64:
|
||||||
|
return true
|
||||||
|
case reflect.String:
|
||||||
|
return true
|
||||||
|
case reflect.Uintptr:
|
||||||
|
return true
|
||||||
|
case reflect.Array:
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
// Len returns the number of values in the slice. It is part of the
|
||||||
|
// sort.Interface implementation.
|
||||||
|
func (s *valuesSorter) Len() int {
|
||||||
|
return len(s.values)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Swap swaps the values at the passed indices. It is part of the
|
||||||
|
// sort.Interface implementation.
|
||||||
|
func (s *valuesSorter) Swap(i, j int) {
|
||||||
|
s.values[i], s.values[j] = s.values[j], s.values[i]
|
||||||
|
if s.strings != nil {
|
||||||
|
s.strings[i], s.strings[j] = s.strings[j], s.strings[i]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// valueSortLess returns whether the first value should sort before the second
|
||||||
|
// value. It is used by valueSorter.Less as part of the sort.Interface
|
||||||
|
// implementation.
|
||||||
|
func valueSortLess(a, b reflect.Value) bool {
|
||||||
|
switch a.Kind() {
|
||||||
|
case reflect.Bool:
|
||||||
|
return !a.Bool() && b.Bool()
|
||||||
|
case reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, reflect.Int:
|
||||||
|
return a.Int() < b.Int()
|
||||||
|
case reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uint:
|
||||||
|
return a.Uint() < b.Uint()
|
||||||
|
case reflect.Float32, reflect.Float64:
|
||||||
|
return a.Float() < b.Float()
|
||||||
|
case reflect.String:
|
||||||
|
return a.String() < b.String()
|
||||||
|
case reflect.Uintptr:
|
||||||
|
return a.Uint() < b.Uint()
|
||||||
|
case reflect.Array:
|
||||||
|
// Compare the contents of both arrays.
|
||||||
|
l := a.Len()
|
||||||
|
for i := 0; i < l; i++ {
|
||||||
|
av := a.Index(i)
|
||||||
|
bv := b.Index(i)
|
||||||
|
if av.Interface() == bv.Interface() {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
return valueSortLess(av, bv)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return a.String() < b.String()
|
||||||
|
}
|
||||||
|
|
||||||
|
// Less returns whether the value at index i should sort before the
|
||||||
|
// value at index j. It is part of the sort.Interface implementation.
|
||||||
|
func (s *valuesSorter) Less(i, j int) bool {
|
||||||
|
if s.strings == nil {
|
||||||
|
return valueSortLess(s.values[i], s.values[j])
|
||||||
|
}
|
||||||
|
return s.strings[i] < s.strings[j]
|
||||||
|
}
|
||||||
|
|
||||||
|
// sortValues is a sort function that handles both native types and any type that
|
||||||
|
// can be converted to error or Stringer. Other inputs are sorted according to
|
||||||
|
// their Value.String() value to ensure display stability.
|
||||||
|
func sortValues(values []reflect.Value, cs *ConfigState) {
|
||||||
|
if len(values) == 0 {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
sort.Sort(newValuesSorter(values, cs))
|
||||||
|
}
|
297
vendor/github.com/davecgh/go-spew/spew/config.go
generated
vendored
Normal file
297
vendor/github.com/davecgh/go-spew/spew/config.go
generated
vendored
Normal file
|
@ -0,0 +1,297 @@
|
||||||
|
/*
|
||||||
|
* Copyright (c) 2013 Dave Collins <dave@davec.name>
|
||||||
|
*
|
||||||
|
* Permission to use, copy, modify, and distribute this software for any
|
||||||
|
* purpose with or without fee is hereby granted, provided that the above
|
||||||
|
* copyright notice and this permission notice appear in all copies.
|
||||||
|
*
|
||||||
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||||
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||||
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||||
|
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||||
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||||
|
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||||
|
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package spew
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"fmt"
|
||||||
|
"io"
|
||||||
|
"os"
|
||||||
|
)
|
||||||
|
|
||||||
|
// ConfigState houses the configuration options used by spew to format and
|
||||||
|
// display values. There is a global instance, Config, that is used to control
|
||||||
|
// all top-level Formatter and Dump functionality. Each ConfigState instance
|
||||||
|
// provides methods equivalent to the top-level functions.
|
||||||
|
//
|
||||||
|
// The zero value for ConfigState provides no indentation. You would typically
|
||||||
|
// want to set it to a space or a tab.
|
||||||
|
//
|
||||||
|
// Alternatively, you can use NewDefaultConfig to get a ConfigState instance
|
||||||
|
// with default settings. See the documentation of NewDefaultConfig for default
|
||||||
|
// values.
|
||||||
|
type ConfigState struct {
|
||||||
|
// Indent specifies the string to use for each indentation level. The
|
||||||
|
// global config instance that all top-level functions use set this to a
|
||||||
|
// single space by default. If you would like more indentation, you might
|
||||||
|
// set this to a tab with "\t" or perhaps two spaces with " ".
|
||||||
|
Indent string
|
||||||
|
|
||||||
|
// MaxDepth controls the maximum number of levels to descend into nested
|
||||||
|
// data structures. The default, 0, means there is no limit.
|
||||||
|
//
|
||||||
|
// NOTE: Circular data structures are properly detected, so it is not
|
||||||
|
// necessary to set this value unless you specifically want to limit deeply
|
||||||
|
// nested data structures.
|
||||||
|
MaxDepth int
|
||||||
|
|
||||||
|
// DisableMethods specifies whether or not error and Stringer interfaces are
|
||||||
|
// invoked for types that implement them.
|
||||||
|
DisableMethods bool
|
||||||
|
|
||||||
|
// DisablePointerMethods specifies whether or not to check for and invoke
|
||||||
|
// error and Stringer interfaces on types which only accept a pointer
|
||||||
|
// receiver when the current type is not a pointer.
|
||||||
|
//
|
||||||
|
// NOTE: This might be an unsafe action since calling one of these methods
|
||||||
|
// with a pointer receiver could technically mutate the value, however,
|
||||||
|
// in practice, types which choose to satisify an error or Stringer
|
||||||
|
// interface with a pointer receiver should not be mutating their state
|
||||||
|
// inside these interface methods. As a result, this option relies on
|
||||||
|
// access to the unsafe package, so it will not have any effect when
|
||||||
|
// running in environments without access to the unsafe package such as
|
||||||
|
// Google App Engine or with the "disableunsafe" build tag specified.
|
||||||
|
DisablePointerMethods bool
|
||||||
|
|
||||||
|
// ContinueOnMethod specifies whether or not recursion should continue once
|
||||||
|
// a custom error or Stringer interface is invoked. The default, false,
|
||||||
|
// means it will print the results of invoking the custom error or Stringer
|
||||||
|
// interface and return immediately instead of continuing to recurse into
|
||||||
|
// the internals of the data type.
|
||||||
|
//
|
||||||
|
// NOTE: This flag does not have any effect if method invocation is disabled
|
||||||
|
// via the DisableMethods or DisablePointerMethods options.
|
||||||
|
ContinueOnMethod bool
|
||||||
|
|
||||||
|
// SortKeys specifies map keys should be sorted before being printed. Use
|
||||||
|
// this to have a more deterministic, diffable output. Note that only
|
||||||
|
// native types (bool, int, uint, floats, uintptr and string) and types
|
||||||
|
// that support the error or Stringer interfaces (if methods are
|
||||||
|
// enabled) are supported, with other types sorted according to the
|
||||||
|
// reflect.Value.String() output which guarantees display stability.
|
||||||
|
SortKeys bool
|
||||||
|
|
||||||
|
// SpewKeys specifies that, as a last resort attempt, map keys should
|
||||||
|
// be spewed to strings and sorted by those strings. This is only
|
||||||
|
// considered if SortKeys is true.
|
||||||
|
SpewKeys bool
|
||||||
|
}
|
||||||
|
|
||||||
|
// Config is the active configuration of the top-level functions.
|
||||||
|
// The configuration can be changed by modifying the contents of spew.Config.
|
||||||
|
var Config = ConfigState{Indent: " "}
|
||||||
|
|
||||||
|
// Errorf is a wrapper for fmt.Errorf that treats each argument as if it were
|
||||||
|
// passed with a Formatter interface returned by c.NewFormatter. It returns
|
||||||
|
// the formatted string as a value that satisfies error. See NewFormatter
|
||||||
|
// for formatting details.
|
||||||
|
//
|
||||||
|
// This function is shorthand for the following syntax:
|
||||||
|
//
|
||||||
|
// fmt.Errorf(format, c.NewFormatter(a), c.NewFormatter(b))
|
||||||
|
func (c *ConfigState) Errorf(format string, a ...interface{}) (err error) {
|
||||||
|
return fmt.Errorf(format, c.convertArgs(a)...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Fprint is a wrapper for fmt.Fprint that treats each argument as if it were
|
||||||
|
// passed with a Formatter interface returned by c.NewFormatter. It returns
|
||||||
|
// the number of bytes written and any write error encountered. See
|
||||||
|
// NewFormatter for formatting details.
|
||||||
|
//
|
||||||
|
// This function is shorthand for the following syntax:
|
||||||
|
//
|
||||||
|
// fmt.Fprint(w, c.NewFormatter(a), c.NewFormatter(b))
|
||||||
|
func (c *ConfigState) Fprint(w io.Writer, a ...interface{}) (n int, err error) {
|
||||||
|
return fmt.Fprint(w, c.convertArgs(a)...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Fprintf is a wrapper for fmt.Fprintf that treats each argument as if it were
|
||||||
|
// passed with a Formatter interface returned by c.NewFormatter. It returns
|
||||||
|
// the number of bytes written and any write error encountered. See
|
||||||
|
// NewFormatter for formatting details.
|
||||||
|
//
|
||||||
|
// This function is shorthand for the following syntax:
|
||||||
|
//
|
||||||
|
// fmt.Fprintf(w, format, c.NewFormatter(a), c.NewFormatter(b))
|
||||||
|
func (c *ConfigState) Fprintf(w io.Writer, format string, a ...interface{}) (n int, err error) {
|
||||||
|
return fmt.Fprintf(w, format, c.convertArgs(a)...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Fprintln is a wrapper for fmt.Fprintln that treats each argument as if it
|
||||||
|
// passed with a Formatter interface returned by c.NewFormatter. See
|
||||||
|
// NewFormatter for formatting details.
|
||||||
|
//
|
||||||
|
// This function is shorthand for the following syntax:
|
||||||
|
//
|
||||||
|
// fmt.Fprintln(w, c.NewFormatter(a), c.NewFormatter(b))
|
||||||
|
func (c *ConfigState) Fprintln(w io.Writer, a ...interface{}) (n int, err error) {
|
||||||
|
return fmt.Fprintln(w, c.convertArgs(a)...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Print is a wrapper for fmt.Print that treats each argument as if it were
|
||||||
|
// passed with a Formatter interface returned by c.NewFormatter. It returns
|
||||||
|
// the number of bytes written and any write error encountered. See
|
||||||
|
// NewFormatter for formatting details.
|
||||||
|
//
|
||||||
|
// This function is shorthand for the following syntax:
|
||||||
|
//
|
||||||
|
// fmt.Print(c.NewFormatter(a), c.NewFormatter(b))
|
||||||
|
func (c *ConfigState) Print(a ...interface{}) (n int, err error) {
|
||||||
|
return fmt.Print(c.convertArgs(a)...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Printf is a wrapper for fmt.Printf that treats each argument as if it were
|
||||||
|
// passed with a Formatter interface returned by c.NewFormatter. It returns
|
||||||
|
// the number of bytes written and any write error encountered. See
|
||||||
|
// NewFormatter for formatting details.
|
||||||
|
//
|
||||||
|
// This function is shorthand for the following syntax:
|
||||||
|
//
|
||||||
|
// fmt.Printf(format, c.NewFormatter(a), c.NewFormatter(b))
|
||||||
|
func (c *ConfigState) Printf(format string, a ...interface{}) (n int, err error) {
|
||||||
|
return fmt.Printf(format, c.convertArgs(a)...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Println is a wrapper for fmt.Println that treats each argument as if it were
|
||||||
|
// passed with a Formatter interface returned by c.NewFormatter. It returns
|
||||||
|
// the number of bytes written and any write error encountered. See
|
||||||
|
// NewFormatter for formatting details.
|
||||||
|
//
|
||||||
|
// This function is shorthand for the following syntax:
|
||||||
|
//
|
||||||
|
// fmt.Println(c.NewFormatter(a), c.NewFormatter(b))
|
||||||
|
func (c *ConfigState) Println(a ...interface{}) (n int, err error) {
|
||||||
|
return fmt.Println(c.convertArgs(a)...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Sprint is a wrapper for fmt.Sprint that treats each argument as if it were
|
||||||
|
// passed with a Formatter interface returned by c.NewFormatter. It returns
|
||||||
|
// the resulting string. See NewFormatter for formatting details.
|
||||||
|
//
|
||||||
|
// This function is shorthand for the following syntax:
|
||||||
|
//
|
||||||
|
// fmt.Sprint(c.NewFormatter(a), c.NewFormatter(b))
|
||||||
|
func (c *ConfigState) Sprint(a ...interface{}) string {
|
||||||
|
return fmt.Sprint(c.convertArgs(a)...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Sprintf is a wrapper for fmt.Sprintf that treats each argument as if it were
|
||||||
|
// passed with a Formatter interface returned by c.NewFormatter. It returns
|
||||||
|
// the resulting string. See NewFormatter for formatting details.
|
||||||
|
//
|
||||||
|
// This function is shorthand for the following syntax:
|
||||||
|
//
|
||||||
|
// fmt.Sprintf(format, c.NewFormatter(a), c.NewFormatter(b))
|
||||||
|
func (c *ConfigState) Sprintf(format string, a ...interface{}) string {
|
||||||
|
return fmt.Sprintf(format, c.convertArgs(a)...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Sprintln is a wrapper for fmt.Sprintln that treats each argument as if it
|
||||||
|
// were passed with a Formatter interface returned by c.NewFormatter. It
|
||||||
|
// returns the resulting string. See NewFormatter for formatting details.
|
||||||
|
//
|
||||||
|
// This function is shorthand for the following syntax:
|
||||||
|
//
|
||||||
|
// fmt.Sprintln(c.NewFormatter(a), c.NewFormatter(b))
|
||||||
|
func (c *ConfigState) Sprintln(a ...interface{}) string {
|
||||||
|
return fmt.Sprintln(c.convertArgs(a)...)
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
NewFormatter returns a custom formatter that satisfies the fmt.Formatter
|
||||||
|
interface. As a result, it integrates cleanly with standard fmt package
|
||||||
|
printing functions. The formatter is useful for inline printing of smaller data
|
||||||
|
types similar to the standard %v format specifier.
|
||||||
|
|
||||||
|
The custom formatter only responds to the %v (most compact), %+v (adds pointer
|
||||||
|
addresses), %#v (adds types), and %#+v (adds types and pointer addresses) verb
|
||||||
|
combinations. Any other verbs such as %x and %q will be sent to the the
|
||||||
|
standard fmt package for formatting. In addition, the custom formatter ignores
|
||||||
|
the width and precision arguments (however they will still work on the format
|
||||||
|
specifiers not handled by the custom formatter).
|
||||||
|
|
||||||
|
Typically this function shouldn't be called directly. It is much easier to make
|
||||||
|
use of the custom formatter by calling one of the convenience functions such as
|
||||||
|
c.Printf, c.Println, or c.Printf.
|
||||||
|
*/
|
||||||
|
func (c *ConfigState) NewFormatter(v interface{}) fmt.Formatter {
|
||||||
|
return newFormatter(c, v)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Fdump formats and displays the passed arguments to io.Writer w. It formats
|
||||||
|
// exactly the same as Dump.
|
||||||
|
func (c *ConfigState) Fdump(w io.Writer, a ...interface{}) {
|
||||||
|
fdump(c, w, a...)
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
Dump displays the passed parameters to standard out with newlines, customizable
|
||||||
|
indentation, and additional debug information such as complete types and all
|
||||||
|
pointer addresses used to indirect to the final value. It provides the
|
||||||
|
following features over the built-in printing facilities provided by the fmt
|
||||||
|
package:
|
||||||
|
|
||||||
|
* Pointers are dereferenced and followed
|
||||||
|
* Circular data structures are detected and handled properly
|
||||||
|
* Custom Stringer/error interfaces are optionally invoked, including
|
||||||
|
on unexported types
|
||||||
|
* Custom types which only implement the Stringer/error interfaces via
|
||||||
|
a pointer receiver are optionally invoked when passing non-pointer
|
||||||
|
variables
|
||||||
|
* Byte arrays and slices are dumped like the hexdump -C command which
|
||||||
|
includes offsets, byte values in hex, and ASCII output
|
||||||
|
|
||||||
|
The configuration options are controlled by modifying the public members
|
||||||
|
of c. See ConfigState for options documentation.
|
||||||
|
|
||||||
|
See Fdump if you would prefer dumping to an arbitrary io.Writer or Sdump to
|
||||||
|
get the formatted result as a string.
|
||||||
|
*/
|
||||||
|
func (c *ConfigState) Dump(a ...interface{}) {
|
||||||
|
fdump(c, os.Stdout, a...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Sdump returns a string with the passed arguments formatted exactly the same
|
||||||
|
// as Dump.
|
||||||
|
func (c *ConfigState) Sdump(a ...interface{}) string {
|
||||||
|
var buf bytes.Buffer
|
||||||
|
fdump(c, &buf, a...)
|
||||||
|
return buf.String()
|
||||||
|
}
|
||||||
|
|
||||||
|
// convertArgs accepts a slice of arguments and returns a slice of the same
|
||||||
|
// length with each argument converted to a spew Formatter interface using
|
||||||
|
// the ConfigState associated with s.
|
||||||
|
func (c *ConfigState) convertArgs(args []interface{}) (formatters []interface{}) {
|
||||||
|
formatters = make([]interface{}, len(args))
|
||||||
|
for index, arg := range args {
|
||||||
|
formatters[index] = newFormatter(c, arg)
|
||||||
|
}
|
||||||
|
return formatters
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewDefaultConfig returns a ConfigState with the following default settings.
|
||||||
|
//
|
||||||
|
// Indent: " "
|
||||||
|
// MaxDepth: 0
|
||||||
|
// DisableMethods: false
|
||||||
|
// DisablePointerMethods: false
|
||||||
|
// ContinueOnMethod: false
|
||||||
|
// SortKeys: false
|
||||||
|
func NewDefaultConfig() *ConfigState {
|
||||||
|
return &ConfigState{Indent: " "}
|
||||||
|
}
|
202
vendor/github.com/davecgh/go-spew/spew/doc.go
generated
vendored
Normal file
202
vendor/github.com/davecgh/go-spew/spew/doc.go
generated
vendored
Normal file
|
@ -0,0 +1,202 @@
|
||||||
|
/*
|
||||||
|
* Copyright (c) 2013 Dave Collins <dave@davec.name>
|
||||||
|
*
|
||||||
|
* Permission to use, copy, modify, and distribute this software for any
|
||||||
|
* purpose with or without fee is hereby granted, provided that the above
|
||||||
|
* copyright notice and this permission notice appear in all copies.
|
||||||
|
*
|
||||||
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||||
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||||
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||||
|
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||||
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||||
|
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||||
|
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
Package spew implements a deep pretty printer for Go data structures to aid in
|
||||||
|
debugging.
|
||||||
|
|
||||||
|
A quick overview of the additional features spew provides over the built-in
|
||||||
|
printing facilities for Go data types are as follows:
|
||||||
|
|
||||||
|
* Pointers are dereferenced and followed
|
||||||
|
* Circular data structures are detected and handled properly
|
||||||
|
* Custom Stringer/error interfaces are optionally invoked, including
|
||||||
|
on unexported types
|
||||||
|
* Custom types which only implement the Stringer/error interfaces via
|
||||||
|
a pointer receiver are optionally invoked when passing non-pointer
|
||||||
|
variables
|
||||||
|
* Byte arrays and slices are dumped like the hexdump -C command which
|
||||||
|
includes offsets, byte values in hex, and ASCII output (only when using
|
||||||
|
Dump style)
|
||||||
|
|
||||||
|
There are two different approaches spew allows for dumping Go data structures:
|
||||||
|
|
||||||
|
* Dump style which prints with newlines, customizable indentation,
|
||||||
|
and additional debug information such as types and all pointer addresses
|
||||||
|
used to indirect to the final value
|
||||||
|
* A custom Formatter interface that integrates cleanly with the standard fmt
|
||||||
|
package and replaces %v, %+v, %#v, and %#+v to provide inline printing
|
||||||
|
similar to the default %v while providing the additional functionality
|
||||||
|
outlined above and passing unsupported format verbs such as %x and %q
|
||||||
|
along to fmt
|
||||||
|
|
||||||
|
Quick Start
|
||||||
|
|
||||||
|
This section demonstrates how to quickly get started with spew. See the
|
||||||
|
sections below for further details on formatting and configuration options.
|
||||||
|
|
||||||
|
To dump a variable with full newlines, indentation, type, and pointer
|
||||||
|
information use Dump, Fdump, or Sdump:
|
||||||
|
spew.Dump(myVar1, myVar2, ...)
|
||||||
|
spew.Fdump(someWriter, myVar1, myVar2, ...)
|
||||||
|
str := spew.Sdump(myVar1, myVar2, ...)
|
||||||
|
|
||||||
|
Alternatively, if you would prefer to use format strings with a compacted inline
|
||||||
|
printing style, use the convenience wrappers Printf, Fprintf, etc with
|
||||||
|
%v (most compact), %+v (adds pointer addresses), %#v (adds types), or
|
||||||
|
%#+v (adds types and pointer addresses):
|
||||||
|
spew.Printf("myVar1: %v -- myVar2: %+v", myVar1, myVar2)
|
||||||
|
spew.Printf("myVar3: %#v -- myVar4: %#+v", myVar3, myVar4)
|
||||||
|
spew.Fprintf(someWriter, "myVar1: %v -- myVar2: %+v", myVar1, myVar2)
|
||||||
|
spew.Fprintf(someWriter, "myVar3: %#v -- myVar4: %#+v", myVar3, myVar4)
|
||||||
|
|
||||||
|
Configuration Options
|
||||||
|
|
||||||
|
Configuration of spew is handled by fields in the ConfigState type. For
|
||||||
|
convenience, all of the top-level functions use a global state available
|
||||||
|
via the spew.Config global.
|
||||||
|
|
||||||
|
It is also possible to create a ConfigState instance that provides methods
|
||||||
|
equivalent to the top-level functions. This allows concurrent configuration
|
||||||
|
options. See the ConfigState documentation for more details.
|
||||||
|
|
||||||
|
The following configuration options are available:
|
||||||
|
* Indent
|
||||||
|
String to use for each indentation level for Dump functions.
|
||||||
|
It is a single space by default. A popular alternative is "\t".
|
||||||
|
|
||||||
|
* MaxDepth
|
||||||
|
Maximum number of levels to descend into nested data structures.
|
||||||
|
There is no limit by default.
|
||||||
|
|
||||||
|
* DisableMethods
|
||||||
|
Disables invocation of error and Stringer interface methods.
|
||||||
|
Method invocation is enabled by default.
|
||||||
|
|
||||||
|
* DisablePointerMethods
|
||||||
|
Disables invocation of error and Stringer interface methods on types
|
||||||
|
which only accept pointer receivers from non-pointer variables.
|
||||||
|
Pointer method invocation is enabled by default.
|
||||||
|
|
||||||
|
* ContinueOnMethod
|
||||||
|
Enables recursion into types after invoking error and Stringer interface
|
||||||
|
methods. Recursion after method invocation is disabled by default.
|
||||||
|
|
||||||
|
* SortKeys
|
||||||
|
Specifies map keys should be sorted before being printed. Use
|
||||||
|
this to have a more deterministic, diffable output. Note that
|
||||||
|
only native types (bool, int, uint, floats, uintptr and string)
|
||||||
|
and types which implement error or Stringer interfaces are
|
||||||
|
supported with other types sorted according to the
|
||||||
|
reflect.Value.String() output which guarantees display
|
||||||
|
stability. Natural map order is used by default.
|
||||||
|
|
||||||
|
* SpewKeys
|
||||||
|
Specifies that, as a last resort attempt, map keys should be
|
||||||
|
spewed to strings and sorted by those strings. This is only
|
||||||
|
considered if SortKeys is true.
|
||||||
|
|
||||||
|
Dump Usage
|
||||||
|
|
||||||
|
Simply call spew.Dump with a list of variables you want to dump:
|
||||||
|
|
||||||
|
spew.Dump(myVar1, myVar2, ...)
|
||||||
|
|
||||||
|
You may also call spew.Fdump if you would prefer to output to an arbitrary
|
||||||
|
io.Writer. For example, to dump to standard error:
|
||||||
|
|
||||||
|
spew.Fdump(os.Stderr, myVar1, myVar2, ...)
|
||||||
|
|
||||||
|
A third option is to call spew.Sdump to get the formatted output as a string:
|
||||||
|
|
||||||
|
str := spew.Sdump(myVar1, myVar2, ...)
|
||||||
|
|
||||||
|
Sample Dump Output
|
||||||
|
|
||||||
|
See the Dump example for details on the setup of the types and variables being
|
||||||
|
shown here.
|
||||||
|
|
||||||
|
(main.Foo) {
|
||||||
|
unexportedField: (*main.Bar)(0xf84002e210)({
|
||||||
|
flag: (main.Flag) flagTwo,
|
||||||
|
data: (uintptr) <nil>
|
||||||
|
}),
|
||||||
|
ExportedField: (map[interface {}]interface {}) (len=1) {
|
||||||
|
(string) (len=3) "one": (bool) true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
Byte (and uint8) arrays and slices are displayed uniquely like the hexdump -C
|
||||||
|
command as shown.
|
||||||
|
([]uint8) (len=32 cap=32) {
|
||||||
|
00000000 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 |............... |
|
||||||
|
00000010 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 |!"#$%&'()*+,-./0|
|
||||||
|
00000020 31 32 |12|
|
||||||
|
}
|
||||||
|
|
||||||
|
Custom Formatter
|
||||||
|
|
||||||
|
Spew provides a custom formatter that implements the fmt.Formatter interface
|
||||||
|
so that it integrates cleanly with standard fmt package printing functions. The
|
||||||
|
formatter is useful for inline printing of smaller data types similar to the
|
||||||
|
standard %v format specifier.
|
||||||
|
|
||||||
|
The custom formatter only responds to the %v (most compact), %+v (adds pointer
|
||||||
|
addresses), %#v (adds types), or %#+v (adds types and pointer addresses) verb
|
||||||
|
combinations. Any other verbs such as %x and %q will be sent to the the
|
||||||
|
standard fmt package for formatting. In addition, the custom formatter ignores
|
||||||
|
the width and precision arguments (however they will still work on the format
|
||||||
|
specifiers not handled by the custom formatter).
|
||||||
|
|
||||||
|
Custom Formatter Usage
|
||||||
|
|
||||||
|
The simplest way to make use of the spew custom formatter is to call one of the
|
||||||
|
convenience functions such as spew.Printf, spew.Println, or spew.Printf. The
|
||||||
|
functions have syntax you are most likely already familiar with:
|
||||||
|
|
||||||
|
spew.Printf("myVar1: %v -- myVar2: %+v", myVar1, myVar2)
|
||||||
|
spew.Printf("myVar3: %#v -- myVar4: %#+v", myVar3, myVar4)
|
||||||
|
spew.Println(myVar, myVar2)
|
||||||
|
spew.Fprintf(os.Stderr, "myVar1: %v -- myVar2: %+v", myVar1, myVar2)
|
||||||
|
spew.Fprintf(os.Stderr, "myVar3: %#v -- myVar4: %#+v", myVar3, myVar4)
|
||||||
|
|
||||||
|
See the Index for the full list convenience functions.
|
||||||
|
|
||||||
|
Sample Formatter Output
|
||||||
|
|
||||||
|
Double pointer to a uint8:
|
||||||
|
%v: <**>5
|
||||||
|
%+v: <**>(0xf8400420d0->0xf8400420c8)5
|
||||||
|
%#v: (**uint8)5
|
||||||
|
%#+v: (**uint8)(0xf8400420d0->0xf8400420c8)5
|
||||||
|
|
||||||
|
Pointer to circular struct with a uint8 field and a pointer to itself:
|
||||||
|
%v: <*>{1 <*><shown>}
|
||||||
|
%+v: <*>(0xf84003e260){ui8:1 c:<*>(0xf84003e260)<shown>}
|
||||||
|
%#v: (*main.circular){ui8:(uint8)1 c:(*main.circular)<shown>}
|
||||||
|
%#+v: (*main.circular)(0xf84003e260){ui8:(uint8)1 c:(*main.circular)(0xf84003e260)<shown>}
|
||||||
|
|
||||||
|
See the Printf example for details on the setup of variables being shown
|
||||||
|
here.
|
||||||
|
|
||||||
|
Errors
|
||||||
|
|
||||||
|
Since it is possible for custom Stringer/error interfaces to panic, spew
|
||||||
|
detects them and handles them internally by printing the panic information
|
||||||
|
inline with the output. Since spew is intended to provide deep pretty printing
|
||||||
|
capabilities on structures, it intentionally does not return any errors.
|
||||||
|
*/
|
||||||
|
package spew
|
509
vendor/github.com/davecgh/go-spew/spew/dump.go
generated
vendored
Normal file
509
vendor/github.com/davecgh/go-spew/spew/dump.go
generated
vendored
Normal file
|
@ -0,0 +1,509 @@
|
||||||
|
/*
|
||||||
|
* Copyright (c) 2013 Dave Collins <dave@davec.name>
|
||||||
|
*
|
||||||
|
* Permission to use, copy, modify, and distribute this software for any
|
||||||
|
* purpose with or without fee is hereby granted, provided that the above
|
||||||
|
* copyright notice and this permission notice appear in all copies.
|
||||||
|
*
|
||||||
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||||
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||||
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||||
|
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||||
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||||
|
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||||
|
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package spew
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"encoding/hex"
|
||||||
|
"fmt"
|
||||||
|
"io"
|
||||||
|
"os"
|
||||||
|
"reflect"
|
||||||
|
"regexp"
|
||||||
|
"strconv"
|
||||||
|
"strings"
|
||||||
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
// uint8Type is a reflect.Type representing a uint8. It is used to
|
||||||
|
// convert cgo types to uint8 slices for hexdumping.
|
||||||
|
uint8Type = reflect.TypeOf(uint8(0))
|
||||||
|
|
||||||
|
// cCharRE is a regular expression that matches a cgo char.
|
||||||
|
// It is used to detect character arrays to hexdump them.
|
||||||
|
cCharRE = regexp.MustCompile("^.*\\._Ctype_char$")
|
||||||
|
|
||||||
|
// cUnsignedCharRE is a regular expression that matches a cgo unsigned
|
||||||
|
// char. It is used to detect unsigned character arrays to hexdump
|
||||||
|
// them.
|
||||||
|
cUnsignedCharRE = regexp.MustCompile("^.*\\._Ctype_unsignedchar$")
|
||||||
|
|
||||||
|
// cUint8tCharRE is a regular expression that matches a cgo uint8_t.
|
||||||
|
// It is used to detect uint8_t arrays to hexdump them.
|
||||||
|
cUint8tCharRE = regexp.MustCompile("^.*\\._Ctype_uint8_t$")
|
||||||
|
)
|
||||||
|
|
||||||
|
// dumpState contains information about the state of a dump operation.
|
||||||
|
type dumpState struct {
|
||||||
|
w io.Writer
|
||||||
|
depth int
|
||||||
|
pointers map[uintptr]int
|
||||||
|
ignoreNextType bool
|
||||||
|
ignoreNextIndent bool
|
||||||
|
cs *ConfigState
|
||||||
|
}
|
||||||
|
|
||||||
|
// indent performs indentation according to the depth level and cs.Indent
|
||||||
|
// option.
|
||||||
|
func (d *dumpState) indent() {
|
||||||
|
if d.ignoreNextIndent {
|
||||||
|
d.ignoreNextIndent = false
|
||||||
|
return
|
||||||
|
}
|
||||||
|
d.w.Write(bytes.Repeat([]byte(d.cs.Indent), d.depth))
|
||||||
|
}
|
||||||
|
|
||||||
|
// unpackValue returns values inside of non-nil interfaces when possible.
|
||||||
|
// This is useful for data types like structs, arrays, slices, and maps which
|
||||||
|
// can contain varying types packed inside an interface.
|
||||||
|
func (d *dumpState) unpackValue(v reflect.Value) reflect.Value {
|
||||||
|
if v.Kind() == reflect.Interface && !v.IsNil() {
|
||||||
|
v = v.Elem()
|
||||||
|
}
|
||||||
|
return v
|
||||||
|
}
|
||||||
|
|
||||||
|
// dumpPtr handles formatting of pointers by indirecting them as necessary.
|
||||||
|
func (d *dumpState) dumpPtr(v reflect.Value) {
|
||||||
|
// Remove pointers at or below the current depth from map used to detect
|
||||||
|
// circular refs.
|
||||||
|
for k, depth := range d.pointers {
|
||||||
|
if depth >= d.depth {
|
||||||
|
delete(d.pointers, k)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Keep list of all dereferenced pointers to show later.
|
||||||
|
pointerChain := make([]uintptr, 0)
|
||||||
|
|
||||||
|
// Figure out how many levels of indirection there are by dereferencing
|
||||||
|
// pointers and unpacking interfaces down the chain while detecting circular
|
||||||
|
// references.
|
||||||
|
nilFound := false
|
||||||
|
cycleFound := false
|
||||||
|
indirects := 0
|
||||||
|
ve := v
|
||||||
|
for ve.Kind() == reflect.Ptr {
|
||||||
|
if ve.IsNil() {
|
||||||
|
nilFound = true
|
||||||
|
break
|
||||||
|
}
|
||||||
|
indirects++
|
||||||
|
addr := ve.Pointer()
|
||||||
|
pointerChain = append(pointerChain, addr)
|
||||||
|
if pd, ok := d.pointers[addr]; ok && pd < d.depth {
|
||||||
|
cycleFound = true
|
||||||
|
indirects--
|
||||||
|
break
|
||||||
|
}
|
||||||
|
d.pointers[addr] = d.depth
|
||||||
|
|
||||||
|
ve = ve.Elem()
|
||||||
|
if ve.Kind() == reflect.Interface {
|
||||||
|
if ve.IsNil() {
|
||||||
|
nilFound = true
|
||||||
|
break
|
||||||
|
}
|
||||||
|
ve = ve.Elem()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Display type information.
|
||||||
|
d.w.Write(openParenBytes)
|
||||||
|
d.w.Write(bytes.Repeat(asteriskBytes, indirects))
|
||||||
|
d.w.Write([]byte(ve.Type().String()))
|
||||||
|
d.w.Write(closeParenBytes)
|
||||||
|
|
||||||
|
// Display pointer information.
|
||||||
|
if len(pointerChain) > 0 {
|
||||||
|
d.w.Write(openParenBytes)
|
||||||
|
for i, addr := range pointerChain {
|
||||||
|
if i > 0 {
|
||||||
|
d.w.Write(pointerChainBytes)
|
||||||
|
}
|
||||||
|
printHexPtr(d.w, addr)
|
||||||
|
}
|
||||||
|
d.w.Write(closeParenBytes)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Display dereferenced value.
|
||||||
|
d.w.Write(openParenBytes)
|
||||||
|
switch {
|
||||||
|
case nilFound == true:
|
||||||
|
d.w.Write(nilAngleBytes)
|
||||||
|
|
||||||
|
case cycleFound == true:
|
||||||
|
d.w.Write(circularBytes)
|
||||||
|
|
||||||
|
default:
|
||||||
|
d.ignoreNextType = true
|
||||||
|
d.dump(ve)
|
||||||
|
}
|
||||||
|
d.w.Write(closeParenBytes)
|
||||||
|
}
|
||||||
|
|
||||||
|
// dumpSlice handles formatting of arrays and slices. Byte (uint8 under
|
||||||
|
// reflection) arrays and slices are dumped in hexdump -C fashion.
|
||||||
|
func (d *dumpState) dumpSlice(v reflect.Value) {
|
||||||
|
// Determine whether this type should be hex dumped or not. Also,
|
||||||
|
// for types which should be hexdumped, try to use the underlying data
|
||||||
|
// first, then fall back to trying to convert them to a uint8 slice.
|
||||||
|
var buf []uint8
|
||||||
|
doConvert := false
|
||||||
|
doHexDump := false
|
||||||
|
numEntries := v.Len()
|
||||||
|
if numEntries > 0 {
|
||||||
|
vt := v.Index(0).Type()
|
||||||
|
vts := vt.String()
|
||||||
|
switch {
|
||||||
|
// C types that need to be converted.
|
||||||
|
case cCharRE.MatchString(vts):
|
||||||
|
fallthrough
|
||||||
|
case cUnsignedCharRE.MatchString(vts):
|
||||||
|
fallthrough
|
||||||
|
case cUint8tCharRE.MatchString(vts):
|
||||||
|
doConvert = true
|
||||||
|
|
||||||
|
// Try to use existing uint8 slices and fall back to converting
|
||||||
|
// and copying if that fails.
|
||||||
|
case vt.Kind() == reflect.Uint8:
|
||||||
|
// We need an addressable interface to convert the type
|
||||||
|
// to a byte slice. However, the reflect package won't
|
||||||
|
// give us an interface on certain things like
|
||||||
|
// unexported struct fields in order to enforce
|
||||||
|
// visibility rules. We use unsafe, when available, to
|
||||||
|
// bypass these restrictions since this package does not
|
||||||
|
// mutate the values.
|
||||||
|
vs := v
|
||||||
|
if !vs.CanInterface() || !vs.CanAddr() {
|
||||||
|
vs = unsafeReflectValue(vs)
|
||||||
|
}
|
||||||
|
if !UnsafeDisabled {
|
||||||
|
vs = vs.Slice(0, numEntries)
|
||||||
|
|
||||||
|
// Use the existing uint8 slice if it can be
|
||||||
|
// type asserted.
|
||||||
|
iface := vs.Interface()
|
||||||
|
if slice, ok := iface.([]uint8); ok {
|
||||||
|
buf = slice
|
||||||
|
doHexDump = true
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// The underlying data needs to be converted if it can't
|
||||||
|
// be type asserted to a uint8 slice.
|
||||||
|
doConvert = true
|
||||||
|
}
|
||||||
|
|
||||||
|
// Copy and convert the underlying type if needed.
|
||||||
|
if doConvert && vt.ConvertibleTo(uint8Type) {
|
||||||
|
// Convert and copy each element into a uint8 byte
|
||||||
|
// slice.
|
||||||
|
buf = make([]uint8, numEntries)
|
||||||
|
for i := 0; i < numEntries; i++ {
|
||||||
|
vv := v.Index(i)
|
||||||
|
buf[i] = uint8(vv.Convert(uint8Type).Uint())
|
||||||
|
}
|
||||||
|
doHexDump = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Hexdump the entire slice as needed.
|
||||||
|
if doHexDump {
|
||||||
|
indent := strings.Repeat(d.cs.Indent, d.depth)
|
||||||
|
str := indent + hex.Dump(buf)
|
||||||
|
str = strings.Replace(str, "\n", "\n"+indent, -1)
|
||||||
|
str = strings.TrimRight(str, d.cs.Indent)
|
||||||
|
d.w.Write([]byte(str))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Recursively call dump for each item.
|
||||||
|
for i := 0; i < numEntries; i++ {
|
||||||
|
d.dump(d.unpackValue(v.Index(i)))
|
||||||
|
if i < (numEntries - 1) {
|
||||||
|
d.w.Write(commaNewlineBytes)
|
||||||
|
} else {
|
||||||
|
d.w.Write(newlineBytes)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// dump is the main workhorse for dumping a value. It uses the passed reflect
|
||||||
|
// value to figure out what kind of object we are dealing with and formats it
|
||||||
|
// appropriately. It is a recursive function, however circular data structures
|
||||||
|
// are detected and handled properly.
|
||||||
|
func (d *dumpState) dump(v reflect.Value) {
|
||||||
|
// Handle invalid reflect values immediately.
|
||||||
|
kind := v.Kind()
|
||||||
|
if kind == reflect.Invalid {
|
||||||
|
d.w.Write(invalidAngleBytes)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Handle pointers specially.
|
||||||
|
if kind == reflect.Ptr {
|
||||||
|
d.indent()
|
||||||
|
d.dumpPtr(v)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Print type information unless already handled elsewhere.
|
||||||
|
if !d.ignoreNextType {
|
||||||
|
d.indent()
|
||||||
|
d.w.Write(openParenBytes)
|
||||||
|
d.w.Write([]byte(v.Type().String()))
|
||||||
|
d.w.Write(closeParenBytes)
|
||||||
|
d.w.Write(spaceBytes)
|
||||||
|
}
|
||||||
|
d.ignoreNextType = false
|
||||||
|
|
||||||
|
// Display length and capacity if the built-in len and cap functions
|
||||||
|
// work with the value's kind and the len/cap itself is non-zero.
|
||||||
|
valueLen, valueCap := 0, 0
|
||||||
|
switch v.Kind() {
|
||||||
|
case reflect.Array, reflect.Slice, reflect.Chan:
|
||||||
|
valueLen, valueCap = v.Len(), v.Cap()
|
||||||
|
case reflect.Map, reflect.String:
|
||||||
|
valueLen = v.Len()
|
||||||
|
}
|
||||||
|
if valueLen != 0 || valueCap != 0 {
|
||||||
|
d.w.Write(openParenBytes)
|
||||||
|
if valueLen != 0 {
|
||||||
|
d.w.Write(lenEqualsBytes)
|
||||||
|
printInt(d.w, int64(valueLen), 10)
|
||||||
|
}
|
||||||
|
if valueCap != 0 {
|
||||||
|
if valueLen != 0 {
|
||||||
|
d.w.Write(spaceBytes)
|
||||||
|
}
|
||||||
|
d.w.Write(capEqualsBytes)
|
||||||
|
printInt(d.w, int64(valueCap), 10)
|
||||||
|
}
|
||||||
|
d.w.Write(closeParenBytes)
|
||||||
|
d.w.Write(spaceBytes)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Call Stringer/error interfaces if they exist and the handle methods flag
|
||||||
|
// is enabled
|
||||||
|
if !d.cs.DisableMethods {
|
||||||
|
if (kind != reflect.Invalid) && (kind != reflect.Interface) {
|
||||||
|
if handled := handleMethods(d.cs, d.w, v); handled {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
switch kind {
|
||||||
|
case reflect.Invalid:
|
||||||
|
// Do nothing. We should never get here since invalid has already
|
||||||
|
// been handled above.
|
||||||
|
|
||||||
|
case reflect.Bool:
|
||||||
|
printBool(d.w, v.Bool())
|
||||||
|
|
||||||
|
case reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, reflect.Int:
|
||||||
|
printInt(d.w, v.Int(), 10)
|
||||||
|
|
||||||
|
case reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uint:
|
||||||
|
printUint(d.w, v.Uint(), 10)
|
||||||
|
|
||||||
|
case reflect.Float32:
|
||||||
|
printFloat(d.w, v.Float(), 32)
|
||||||
|
|
||||||
|
case reflect.Float64:
|
||||||
|
printFloat(d.w, v.Float(), 64)
|
||||||
|
|
||||||
|
case reflect.Complex64:
|
||||||
|
printComplex(d.w, v.Complex(), 32)
|
||||||
|
|
||||||
|
case reflect.Complex128:
|
||||||
|
printComplex(d.w, v.Complex(), 64)
|
||||||
|
|
||||||
|
case reflect.Slice:
|
||||||
|
if v.IsNil() {
|
||||||
|
d.w.Write(nilAngleBytes)
|
||||||
|
break
|
||||||
|
}
|
||||||
|
fallthrough
|
||||||
|
|
||||||
|
case reflect.Array:
|
||||||
|
d.w.Write(openBraceNewlineBytes)
|
||||||
|
d.depth++
|
||||||
|
if (d.cs.MaxDepth != 0) && (d.depth > d.cs.MaxDepth) {
|
||||||
|
d.indent()
|
||||||
|
d.w.Write(maxNewlineBytes)
|
||||||
|
} else {
|
||||||
|
d.dumpSlice(v)
|
||||||
|
}
|
||||||
|
d.depth--
|
||||||
|
d.indent()
|
||||||
|
d.w.Write(closeBraceBytes)
|
||||||
|
|
||||||
|
case reflect.String:
|
||||||
|
d.w.Write([]byte(strconv.Quote(v.String())))
|
||||||
|
|
||||||
|
case reflect.Interface:
|
||||||
|
// The only time we should get here is for nil interfaces due to
|
||||||
|
// unpackValue calls.
|
||||||
|
if v.IsNil() {
|
||||||
|
d.w.Write(nilAngleBytes)
|
||||||
|
}
|
||||||
|
|
||||||
|
case reflect.Ptr:
|
||||||
|
// Do nothing. We should never get here since pointers have already
|
||||||
|
// been handled above.
|
||||||
|
|
||||||
|
case reflect.Map:
|
||||||
|
// nil maps should be indicated as different than empty maps
|
||||||
|
if v.IsNil() {
|
||||||
|
d.w.Write(nilAngleBytes)
|
||||||
|
break
|
||||||
|
}
|
||||||
|
|
||||||
|
d.w.Write(openBraceNewlineBytes)
|
||||||
|
d.depth++
|
||||||
|
if (d.cs.MaxDepth != 0) && (d.depth > d.cs.MaxDepth) {
|
||||||
|
d.indent()
|
||||||
|
d.w.Write(maxNewlineBytes)
|
||||||
|
} else {
|
||||||
|
numEntries := v.Len()
|
||||||
|
keys := v.MapKeys()
|
||||||
|
if d.cs.SortKeys {
|
||||||
|
sortValues(keys, d.cs)
|
||||||
|
}
|
||||||
|
for i, key := range keys {
|
||||||
|
d.dump(d.unpackValue(key))
|
||||||
|
d.w.Write(colonSpaceBytes)
|
||||||
|
d.ignoreNextIndent = true
|
||||||
|
d.dump(d.unpackValue(v.MapIndex(key)))
|
||||||
|
if i < (numEntries - 1) {
|
||||||
|
d.w.Write(commaNewlineBytes)
|
||||||
|
} else {
|
||||||
|
d.w.Write(newlineBytes)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
d.depth--
|
||||||
|
d.indent()
|
||||||
|
d.w.Write(closeBraceBytes)
|
||||||
|
|
||||||
|
case reflect.Struct:
|
||||||
|
d.w.Write(openBraceNewlineBytes)
|
||||||
|
d.depth++
|
||||||
|
if (d.cs.MaxDepth != 0) && (d.depth > d.cs.MaxDepth) {
|
||||||
|
d.indent()
|
||||||
|
d.w.Write(maxNewlineBytes)
|
||||||
|
} else {
|
||||||
|
vt := v.Type()
|
||||||
|
numFields := v.NumField()
|
||||||
|
for i := 0; i < numFields; i++ {
|
||||||
|
d.indent()
|
||||||
|
vtf := vt.Field(i)
|
||||||
|
d.w.Write([]byte(vtf.Name))
|
||||||
|
d.w.Write(colonSpaceBytes)
|
||||||
|
d.ignoreNextIndent = true
|
||||||
|
d.dump(d.unpackValue(v.Field(i)))
|
||||||
|
if i < (numFields - 1) {
|
||||||
|
d.w.Write(commaNewlineBytes)
|
||||||
|
} else {
|
||||||
|
d.w.Write(newlineBytes)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
d.depth--
|
||||||
|
d.indent()
|
||||||
|
d.w.Write(closeBraceBytes)
|
||||||
|
|
||||||
|
case reflect.Uintptr:
|
||||||
|
printHexPtr(d.w, uintptr(v.Uint()))
|
||||||
|
|
||||||
|
case reflect.UnsafePointer, reflect.Chan, reflect.Func:
|
||||||
|
printHexPtr(d.w, v.Pointer())
|
||||||
|
|
||||||
|
// There were not any other types at the time this code was written, but
|
||||||
|
// fall back to letting the default fmt package handle it in case any new
|
||||||
|
// types are added.
|
||||||
|
default:
|
||||||
|
if v.CanInterface() {
|
||||||
|
fmt.Fprintf(d.w, "%v", v.Interface())
|
||||||
|
} else {
|
||||||
|
fmt.Fprintf(d.w, "%v", v.String())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// fdump is a helper function to consolidate the logic from the various public
|
||||||
|
// methods which take varying writers and config states.
|
||||||
|
func fdump(cs *ConfigState, w io.Writer, a ...interface{}) {
|
||||||
|
for _, arg := range a {
|
||||||
|
if arg == nil {
|
||||||
|
w.Write(interfaceBytes)
|
||||||
|
w.Write(spaceBytes)
|
||||||
|
w.Write(nilAngleBytes)
|
||||||
|
w.Write(newlineBytes)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
d := dumpState{w: w, cs: cs}
|
||||||
|
d.pointers = make(map[uintptr]int)
|
||||||
|
d.dump(reflect.ValueOf(arg))
|
||||||
|
d.w.Write(newlineBytes)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Fdump formats and displays the passed arguments to io.Writer w. It formats
|
||||||
|
// exactly the same as Dump.
|
||||||
|
func Fdump(w io.Writer, a ...interface{}) {
|
||||||
|
fdump(&Config, w, a...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Sdump returns a string with the passed arguments formatted exactly the same
|
||||||
|
// as Dump.
|
||||||
|
func Sdump(a ...interface{}) string {
|
||||||
|
var buf bytes.Buffer
|
||||||
|
fdump(&Config, &buf, a...)
|
||||||
|
return buf.String()
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
Dump displays the passed parameters to standard out with newlines, customizable
|
||||||
|
indentation, and additional debug information such as complete types and all
|
||||||
|
pointer addresses used to indirect to the final value. It provides the
|
||||||
|
following features over the built-in printing facilities provided by the fmt
|
||||||
|
package:
|
||||||
|
|
||||||
|
* Pointers are dereferenced and followed
|
||||||
|
* Circular data structures are detected and handled properly
|
||||||
|
* Custom Stringer/error interfaces are optionally invoked, including
|
||||||
|
on unexported types
|
||||||
|
* Custom types which only implement the Stringer/error interfaces via
|
||||||
|
a pointer receiver are optionally invoked when passing non-pointer
|
||||||
|
variables
|
||||||
|
* Byte arrays and slices are dumped like the hexdump -C command which
|
||||||
|
includes offsets, byte values in hex, and ASCII output
|
||||||
|
|
||||||
|
The configuration options are controlled by an exported package global,
|
||||||
|
spew.Config. See ConfigState for options documentation.
|
||||||
|
|
||||||
|
See Fdump if you would prefer dumping to an arbitrary io.Writer or Sdump to
|
||||||
|
get the formatted result as a string.
|
||||||
|
*/
|
||||||
|
func Dump(a ...interface{}) {
|
||||||
|
fdump(&Config, os.Stdout, a...)
|
||||||
|
}
|
419
vendor/github.com/davecgh/go-spew/spew/format.go
generated
vendored
Normal file
419
vendor/github.com/davecgh/go-spew/spew/format.go
generated
vendored
Normal file
|
@ -0,0 +1,419 @@
|
||||||
|
/*
|
||||||
|
* Copyright (c) 2013 Dave Collins <dave@davec.name>
|
||||||
|
*
|
||||||
|
* Permission to use, copy, modify, and distribute this software for any
|
||||||
|
* purpose with or without fee is hereby granted, provided that the above
|
||||||
|
* copyright notice and this permission notice appear in all copies.
|
||||||
|
*
|
||||||
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||||
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||||
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||||
|
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||||
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||||
|
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||||
|
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package spew
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"fmt"
|
||||||
|
"reflect"
|
||||||
|
"strconv"
|
||||||
|
"strings"
|
||||||
|
)
|
||||||
|
|
||||||
|
// supportedFlags is a list of all the character flags supported by fmt package.
|
||||||
|
const supportedFlags = "0-+# "
|
||||||
|
|
||||||
|
// formatState implements the fmt.Formatter interface and contains information
|
||||||
|
// about the state of a formatting operation. The NewFormatter function can
|
||||||
|
// be used to get a new Formatter which can be used directly as arguments
|
||||||
|
// in standard fmt package printing calls.
|
||||||
|
type formatState struct {
|
||||||
|
value interface{}
|
||||||
|
fs fmt.State
|
||||||
|
depth int
|
||||||
|
pointers map[uintptr]int
|
||||||
|
ignoreNextType bool
|
||||||
|
cs *ConfigState
|
||||||
|
}
|
||||||
|
|
||||||
|
// buildDefaultFormat recreates the original format string without precision
|
||||||
|
// and width information to pass in to fmt.Sprintf in the case of an
|
||||||
|
// unrecognized type. Unless new types are added to the language, this
|
||||||
|
// function won't ever be called.
|
||||||
|
func (f *formatState) buildDefaultFormat() (format string) {
|
||||||
|
buf := bytes.NewBuffer(percentBytes)
|
||||||
|
|
||||||
|
for _, flag := range supportedFlags {
|
||||||
|
if f.fs.Flag(int(flag)) {
|
||||||
|
buf.WriteRune(flag)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
buf.WriteRune('v')
|
||||||
|
|
||||||
|
format = buf.String()
|
||||||
|
return format
|
||||||
|
}
|
||||||
|
|
||||||
|
// constructOrigFormat recreates the original format string including precision
|
||||||
|
// and width information to pass along to the standard fmt package. This allows
|
||||||
|
// automatic deferral of all format strings this package doesn't support.
|
||||||
|
func (f *formatState) constructOrigFormat(verb rune) (format string) {
|
||||||
|
buf := bytes.NewBuffer(percentBytes)
|
||||||
|
|
||||||
|
for _, flag := range supportedFlags {
|
||||||
|
if f.fs.Flag(int(flag)) {
|
||||||
|
buf.WriteRune(flag)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if width, ok := f.fs.Width(); ok {
|
||||||
|
buf.WriteString(strconv.Itoa(width))
|
||||||
|
}
|
||||||
|
|
||||||
|
if precision, ok := f.fs.Precision(); ok {
|
||||||
|
buf.Write(precisionBytes)
|
||||||
|
buf.WriteString(strconv.Itoa(precision))
|
||||||
|
}
|
||||||
|
|
||||||
|
buf.WriteRune(verb)
|
||||||
|
|
||||||
|
format = buf.String()
|
||||||
|
return format
|
||||||
|
}
|
||||||
|
|
||||||
|
// unpackValue returns values inside of non-nil interfaces when possible and
|
||||||
|
// ensures that types for values which have been unpacked from an interface
|
||||||
|
// are displayed when the show types flag is also set.
|
||||||
|
// This is useful for data types like structs, arrays, slices, and maps which
|
||||||
|
// can contain varying types packed inside an interface.
|
||||||
|
func (f *formatState) unpackValue(v reflect.Value) reflect.Value {
|
||||||
|
if v.Kind() == reflect.Interface {
|
||||||
|
f.ignoreNextType = false
|
||||||
|
if !v.IsNil() {
|
||||||
|
v = v.Elem()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return v
|
||||||
|
}
|
||||||
|
|
||||||
|
// formatPtr handles formatting of pointers by indirecting them as necessary.
|
||||||
|
func (f *formatState) formatPtr(v reflect.Value) {
|
||||||
|
// Display nil if top level pointer is nil.
|
||||||
|
showTypes := f.fs.Flag('#')
|
||||||
|
if v.IsNil() && (!showTypes || f.ignoreNextType) {
|
||||||
|
f.fs.Write(nilAngleBytes)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Remove pointers at or below the current depth from map used to detect
|
||||||
|
// circular refs.
|
||||||
|
for k, depth := range f.pointers {
|
||||||
|
if depth >= f.depth {
|
||||||
|
delete(f.pointers, k)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Keep list of all dereferenced pointers to possibly show later.
|
||||||
|
pointerChain := make([]uintptr, 0)
|
||||||
|
|
||||||
|
// Figure out how many levels of indirection there are by derferencing
|
||||||
|
// pointers and unpacking interfaces down the chain while detecting circular
|
||||||
|
// references.
|
||||||
|
nilFound := false
|
||||||
|
cycleFound := false
|
||||||
|
indirects := 0
|
||||||
|
ve := v
|
||||||
|
for ve.Kind() == reflect.Ptr {
|
||||||
|
if ve.IsNil() {
|
||||||
|
nilFound = true
|
||||||
|
break
|
||||||
|
}
|
||||||
|
indirects++
|
||||||
|
addr := ve.Pointer()
|
||||||
|
pointerChain = append(pointerChain, addr)
|
||||||
|
if pd, ok := f.pointers[addr]; ok && pd < f.depth {
|
||||||
|
cycleFound = true
|
||||||
|
indirects--
|
||||||
|
break
|
||||||
|
}
|
||||||
|
f.pointers[addr] = f.depth
|
||||||
|
|
||||||
|
ve = ve.Elem()
|
||||||
|
if ve.Kind() == reflect.Interface {
|
||||||
|
if ve.IsNil() {
|
||||||
|
nilFound = true
|
||||||
|
break
|
||||||
|
}
|
||||||
|
ve = ve.Elem()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Display type or indirection level depending on flags.
|
||||||
|
if showTypes && !f.ignoreNextType {
|
||||||
|
f.fs.Write(openParenBytes)
|
||||||
|
f.fs.Write(bytes.Repeat(asteriskBytes, indirects))
|
||||||
|
f.fs.Write([]byte(ve.Type().String()))
|
||||||
|
f.fs.Write(closeParenBytes)
|
||||||
|
} else {
|
||||||
|
if nilFound || cycleFound {
|
||||||
|
indirects += strings.Count(ve.Type().String(), "*")
|
||||||
|
}
|
||||||
|
f.fs.Write(openAngleBytes)
|
||||||
|
f.fs.Write([]byte(strings.Repeat("*", indirects)))
|
||||||
|
f.fs.Write(closeAngleBytes)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Display pointer information depending on flags.
|
||||||
|
if f.fs.Flag('+') && (len(pointerChain) > 0) {
|
||||||
|
f.fs.Write(openParenBytes)
|
||||||
|
for i, addr := range pointerChain {
|
||||||
|
if i > 0 {
|
||||||
|
f.fs.Write(pointerChainBytes)
|
||||||
|
}
|
||||||
|
printHexPtr(f.fs, addr)
|
||||||
|
}
|
||||||
|
f.fs.Write(closeParenBytes)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Display dereferenced value.
|
||||||
|
switch {
|
||||||
|
case nilFound == true:
|
||||||
|
f.fs.Write(nilAngleBytes)
|
||||||
|
|
||||||
|
case cycleFound == true:
|
||||||
|
f.fs.Write(circularShortBytes)
|
||||||
|
|
||||||
|
default:
|
||||||
|
f.ignoreNextType = true
|
||||||
|
f.format(ve)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// format is the main workhorse for providing the Formatter interface. It
|
||||||
|
// uses the passed reflect value to figure out what kind of object we are
|
||||||
|
// dealing with and formats it appropriately. It is a recursive function,
|
||||||
|
// however circular data structures are detected and handled properly.
|
||||||
|
func (f *formatState) format(v reflect.Value) {
|
||||||
|
// Handle invalid reflect values immediately.
|
||||||
|
kind := v.Kind()
|
||||||
|
if kind == reflect.Invalid {
|
||||||
|
f.fs.Write(invalidAngleBytes)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Handle pointers specially.
|
||||||
|
if kind == reflect.Ptr {
|
||||||
|
f.formatPtr(v)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Print type information unless already handled elsewhere.
|
||||||
|
if !f.ignoreNextType && f.fs.Flag('#') {
|
||||||
|
f.fs.Write(openParenBytes)
|
||||||
|
f.fs.Write([]byte(v.Type().String()))
|
||||||
|
f.fs.Write(closeParenBytes)
|
||||||
|
}
|
||||||
|
f.ignoreNextType = false
|
||||||
|
|
||||||
|
// Call Stringer/error interfaces if they exist and the handle methods
|
||||||
|
// flag is enabled.
|
||||||
|
if !f.cs.DisableMethods {
|
||||||
|
if (kind != reflect.Invalid) && (kind != reflect.Interface) {
|
||||||
|
if handled := handleMethods(f.cs, f.fs, v); handled {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
switch kind {
|
||||||
|
case reflect.Invalid:
|
||||||
|
// Do nothing. We should never get here since invalid has already
|
||||||
|
// been handled above.
|
||||||
|
|
||||||
|
case reflect.Bool:
|
||||||
|
printBool(f.fs, v.Bool())
|
||||||
|
|
||||||
|
case reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, reflect.Int:
|
||||||
|
printInt(f.fs, v.Int(), 10)
|
||||||
|
|
||||||
|
case reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uint:
|
||||||
|
printUint(f.fs, v.Uint(), 10)
|
||||||
|
|
||||||
|
case reflect.Float32:
|
||||||
|
printFloat(f.fs, v.Float(), 32)
|
||||||
|
|
||||||
|
case reflect.Float64:
|
||||||
|
printFloat(f.fs, v.Float(), 64)
|
||||||
|
|
||||||
|
case reflect.Complex64:
|
||||||
|
printComplex(f.fs, v.Complex(), 32)
|
||||||
|
|
||||||
|
case reflect.Complex128:
|
||||||
|
printComplex(f.fs, v.Complex(), 64)
|
||||||
|
|
||||||
|
case reflect.Slice:
|
||||||
|
if v.IsNil() {
|
||||||
|
f.fs.Write(nilAngleBytes)
|
||||||
|
break
|
||||||
|
}
|
||||||
|
fallthrough
|
||||||
|
|
||||||
|
case reflect.Array:
|
||||||
|
f.fs.Write(openBracketBytes)
|
||||||
|
f.depth++
|
||||||
|
if (f.cs.MaxDepth != 0) && (f.depth > f.cs.MaxDepth) {
|
||||||
|
f.fs.Write(maxShortBytes)
|
||||||
|
} else {
|
||||||
|
numEntries := v.Len()
|
||||||
|
for i := 0; i < numEntries; i++ {
|
||||||
|
if i > 0 {
|
||||||
|
f.fs.Write(spaceBytes)
|
||||||
|
}
|
||||||
|
f.ignoreNextType = true
|
||||||
|
f.format(f.unpackValue(v.Index(i)))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
f.depth--
|
||||||
|
f.fs.Write(closeBracketBytes)
|
||||||
|
|
||||||
|
case reflect.String:
|
||||||
|
f.fs.Write([]byte(v.String()))
|
||||||
|
|
||||||
|
case reflect.Interface:
|
||||||
|
// The only time we should get here is for nil interfaces due to
|
||||||
|
// unpackValue calls.
|
||||||
|
if v.IsNil() {
|
||||||
|
f.fs.Write(nilAngleBytes)
|
||||||
|
}
|
||||||
|
|
||||||
|
case reflect.Ptr:
|
||||||
|
// Do nothing. We should never get here since pointers have already
|
||||||
|
// been handled above.
|
||||||
|
|
||||||
|
case reflect.Map:
|
||||||
|
// nil maps should be indicated as different than empty maps
|
||||||
|
if v.IsNil() {
|
||||||
|
f.fs.Write(nilAngleBytes)
|
||||||
|
break
|
||||||
|
}
|
||||||
|
|
||||||
|
f.fs.Write(openMapBytes)
|
||||||
|
f.depth++
|
||||||
|
if (f.cs.MaxDepth != 0) && (f.depth > f.cs.MaxDepth) {
|
||||||
|
f.fs.Write(maxShortBytes)
|
||||||
|
} else {
|
||||||
|
keys := v.MapKeys()
|
||||||
|
if f.cs.SortKeys {
|
||||||
|
sortValues(keys, f.cs)
|
||||||
|
}
|
||||||
|
for i, key := range keys {
|
||||||
|
if i > 0 {
|
||||||
|
f.fs.Write(spaceBytes)
|
||||||
|
}
|
||||||
|
f.ignoreNextType = true
|
||||||
|
f.format(f.unpackValue(key))
|
||||||
|
f.fs.Write(colonBytes)
|
||||||
|
f.ignoreNextType = true
|
||||||
|
f.format(f.unpackValue(v.MapIndex(key)))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
f.depth--
|
||||||
|
f.fs.Write(closeMapBytes)
|
||||||
|
|
||||||
|
case reflect.Struct:
|
||||||
|
numFields := v.NumField()
|
||||||
|
f.fs.Write(openBraceBytes)
|
||||||
|
f.depth++
|
||||||
|
if (f.cs.MaxDepth != 0) && (f.depth > f.cs.MaxDepth) {
|
||||||
|
f.fs.Write(maxShortBytes)
|
||||||
|
} else {
|
||||||
|
vt := v.Type()
|
||||||
|
for i := 0; i < numFields; i++ {
|
||||||
|
if i > 0 {
|
||||||
|
f.fs.Write(spaceBytes)
|
||||||
|
}
|
||||||
|
vtf := vt.Field(i)
|
||||||
|
if f.fs.Flag('+') || f.fs.Flag('#') {
|
||||||
|
f.fs.Write([]byte(vtf.Name))
|
||||||
|
f.fs.Write(colonBytes)
|
||||||
|
}
|
||||||
|
f.format(f.unpackValue(v.Field(i)))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
f.depth--
|
||||||
|
f.fs.Write(closeBraceBytes)
|
||||||
|
|
||||||
|
case reflect.Uintptr:
|
||||||
|
printHexPtr(f.fs, uintptr(v.Uint()))
|
||||||
|
|
||||||
|
case reflect.UnsafePointer, reflect.Chan, reflect.Func:
|
||||||
|
printHexPtr(f.fs, v.Pointer())
|
||||||
|
|
||||||
|
// There were not any other types at the time this code was written, but
|
||||||
|
// fall back to letting the default fmt package handle it if any get added.
|
||||||
|
default:
|
||||||
|
format := f.buildDefaultFormat()
|
||||||
|
if v.CanInterface() {
|
||||||
|
fmt.Fprintf(f.fs, format, v.Interface())
|
||||||
|
} else {
|
||||||
|
fmt.Fprintf(f.fs, format, v.String())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Format satisfies the fmt.Formatter interface. See NewFormatter for usage
|
||||||
|
// details.
|
||||||
|
func (f *formatState) Format(fs fmt.State, verb rune) {
|
||||||
|
f.fs = fs
|
||||||
|
|
||||||
|
// Use standard formatting for verbs that are not v.
|
||||||
|
if verb != 'v' {
|
||||||
|
format := f.constructOrigFormat(verb)
|
||||||
|
fmt.Fprintf(fs, format, f.value)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if f.value == nil {
|
||||||
|
if fs.Flag('#') {
|
||||||
|
fs.Write(interfaceBytes)
|
||||||
|
}
|
||||||
|
fs.Write(nilAngleBytes)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
f.format(reflect.ValueOf(f.value))
|
||||||
|
}
|
||||||
|
|
||||||
|
// newFormatter is a helper function to consolidate the logic from the various
|
||||||
|
// public methods which take varying config states.
|
||||||
|
func newFormatter(cs *ConfigState, v interface{}) fmt.Formatter {
|
||||||
|
fs := &formatState{value: v, cs: cs}
|
||||||
|
fs.pointers = make(map[uintptr]int)
|
||||||
|
return fs
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
NewFormatter returns a custom formatter that satisfies the fmt.Formatter
|
||||||
|
interface. As a result, it integrates cleanly with standard fmt package
|
||||||
|
printing functions. The formatter is useful for inline printing of smaller data
|
||||||
|
types similar to the standard %v format specifier.
|
||||||
|
|
||||||
|
The custom formatter only responds to the %v (most compact), %+v (adds pointer
|
||||||
|
addresses), %#v (adds types), or %#+v (adds types and pointer addresses) verb
|
||||||
|
combinations. Any other verbs such as %x and %q will be sent to the the
|
||||||
|
standard fmt package for formatting. In addition, the custom formatter ignores
|
||||||
|
the width and precision arguments (however they will still work on the format
|
||||||
|
specifiers not handled by the custom formatter).
|
||||||
|
|
||||||
|
Typically this function shouldn't be called directly. It is much easier to make
|
||||||
|
use of the custom formatter by calling one of the convenience functions such as
|
||||||
|
Printf, Println, or Fprintf.
|
||||||
|
*/
|
||||||
|
func NewFormatter(v interface{}) fmt.Formatter {
|
||||||
|
return newFormatter(&Config, v)
|
||||||
|
}
|
148
vendor/github.com/davecgh/go-spew/spew/spew.go
generated
vendored
Normal file
148
vendor/github.com/davecgh/go-spew/spew/spew.go
generated
vendored
Normal file
|
@ -0,0 +1,148 @@
|
||||||
|
/*
|
||||||
|
* Copyright (c) 2013 Dave Collins <dave@davec.name>
|
||||||
|
*
|
||||||
|
* Permission to use, copy, modify, and distribute this software for any
|
||||||
|
* purpose with or without fee is hereby granted, provided that the above
|
||||||
|
* copyright notice and this permission notice appear in all copies.
|
||||||
|
*
|
||||||
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||||
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||||
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||||
|
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||||
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||||
|
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||||
|
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package spew
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"io"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Errorf is a wrapper for fmt.Errorf that treats each argument as if it were
|
||||||
|
// passed with a default Formatter interface returned by NewFormatter. It
|
||||||
|
// returns the formatted string as a value that satisfies error. See
|
||||||
|
// NewFormatter for formatting details.
|
||||||
|
//
|
||||||
|
// This function is shorthand for the following syntax:
|
||||||
|
//
|
||||||
|
// fmt.Errorf(format, spew.NewFormatter(a), spew.NewFormatter(b))
|
||||||
|
func Errorf(format string, a ...interface{}) (err error) {
|
||||||
|
return fmt.Errorf(format, convertArgs(a)...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Fprint is a wrapper for fmt.Fprint that treats each argument as if it were
|
||||||
|
// passed with a default Formatter interface returned by NewFormatter. It
|
||||||
|
// returns the number of bytes written and any write error encountered. See
|
||||||
|
// NewFormatter for formatting details.
|
||||||
|
//
|
||||||
|
// This function is shorthand for the following syntax:
|
||||||
|
//
|
||||||
|
// fmt.Fprint(w, spew.NewFormatter(a), spew.NewFormatter(b))
|
||||||
|
func Fprint(w io.Writer, a ...interface{}) (n int, err error) {
|
||||||
|
return fmt.Fprint(w, convertArgs(a)...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Fprintf is a wrapper for fmt.Fprintf that treats each argument as if it were
|
||||||
|
// passed with a default Formatter interface returned by NewFormatter. It
|
||||||
|
// returns the number of bytes written and any write error encountered. See
|
||||||
|
// NewFormatter for formatting details.
|
||||||
|
//
|
||||||
|
// This function is shorthand for the following syntax:
|
||||||
|
//
|
||||||
|
// fmt.Fprintf(w, format, spew.NewFormatter(a), spew.NewFormatter(b))
|
||||||
|
func Fprintf(w io.Writer, format string, a ...interface{}) (n int, err error) {
|
||||||
|
return fmt.Fprintf(w, format, convertArgs(a)...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Fprintln is a wrapper for fmt.Fprintln that treats each argument as if it
|
||||||
|
// passed with a default Formatter interface returned by NewFormatter. See
|
||||||
|
// NewFormatter for formatting details.
|
||||||
|
//
|
||||||
|
// This function is shorthand for the following syntax:
|
||||||
|
//
|
||||||
|
// fmt.Fprintln(w, spew.NewFormatter(a), spew.NewFormatter(b))
|
||||||
|
func Fprintln(w io.Writer, a ...interface{}) (n int, err error) {
|
||||||
|
return fmt.Fprintln(w, convertArgs(a)...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Print is a wrapper for fmt.Print that treats each argument as if it were
|
||||||
|
// passed with a default Formatter interface returned by NewFormatter. It
|
||||||
|
// returns the number of bytes written and any write error encountered. See
|
||||||
|
// NewFormatter for formatting details.
|
||||||
|
//
|
||||||
|
// This function is shorthand for the following syntax:
|
||||||
|
//
|
||||||
|
// fmt.Print(spew.NewFormatter(a), spew.NewFormatter(b))
|
||||||
|
func Print(a ...interface{}) (n int, err error) {
|
||||||
|
return fmt.Print(convertArgs(a)...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Printf is a wrapper for fmt.Printf that treats each argument as if it were
|
||||||
|
// passed with a default Formatter interface returned by NewFormatter. It
|
||||||
|
// returns the number of bytes written and any write error encountered. See
|
||||||
|
// NewFormatter for formatting details.
|
||||||
|
//
|
||||||
|
// This function is shorthand for the following syntax:
|
||||||
|
//
|
||||||
|
// fmt.Printf(format, spew.NewFormatter(a), spew.NewFormatter(b))
|
||||||
|
func Printf(format string, a ...interface{}) (n int, err error) {
|
||||||
|
return fmt.Printf(format, convertArgs(a)...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Println is a wrapper for fmt.Println that treats each argument as if it were
|
||||||
|
// passed with a default Formatter interface returned by NewFormatter. It
|
||||||
|
// returns the number of bytes written and any write error encountered. See
|
||||||
|
// NewFormatter for formatting details.
|
||||||
|
//
|
||||||
|
// This function is shorthand for the following syntax:
|
||||||
|
//
|
||||||
|
// fmt.Println(spew.NewFormatter(a), spew.NewFormatter(b))
|
||||||
|
func Println(a ...interface{}) (n int, err error) {
|
||||||
|
return fmt.Println(convertArgs(a)...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Sprint is a wrapper for fmt.Sprint that treats each argument as if it were
|
||||||
|
// passed with a default Formatter interface returned by NewFormatter. It
|
||||||
|
// returns the resulting string. See NewFormatter for formatting details.
|
||||||
|
//
|
||||||
|
// This function is shorthand for the following syntax:
|
||||||
|
//
|
||||||
|
// fmt.Sprint(spew.NewFormatter(a), spew.NewFormatter(b))
|
||||||
|
func Sprint(a ...interface{}) string {
|
||||||
|
return fmt.Sprint(convertArgs(a)...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Sprintf is a wrapper for fmt.Sprintf that treats each argument as if it were
|
||||||
|
// passed with a default Formatter interface returned by NewFormatter. It
|
||||||
|
// returns the resulting string. See NewFormatter for formatting details.
|
||||||
|
//
|
||||||
|
// This function is shorthand for the following syntax:
|
||||||
|
//
|
||||||
|
// fmt.Sprintf(format, spew.NewFormatter(a), spew.NewFormatter(b))
|
||||||
|
func Sprintf(format string, a ...interface{}) string {
|
||||||
|
return fmt.Sprintf(format, convertArgs(a)...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Sprintln is a wrapper for fmt.Sprintln that treats each argument as if it
|
||||||
|
// were passed with a default Formatter interface returned by NewFormatter. It
|
||||||
|
// returns the resulting string. See NewFormatter for formatting details.
|
||||||
|
//
|
||||||
|
// This function is shorthand for the following syntax:
|
||||||
|
//
|
||||||
|
// fmt.Sprintln(spew.NewFormatter(a), spew.NewFormatter(b))
|
||||||
|
func Sprintln(a ...interface{}) string {
|
||||||
|
return fmt.Sprintln(convertArgs(a)...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// convertArgs accepts a slice of arguments and returns a slice of the same
|
||||||
|
// length with each argument converted to a default spew Formatter interface.
|
||||||
|
func convertArgs(args []interface{}) (formatters []interface{}) {
|
||||||
|
formatters = make([]interface{}, len(args))
|
||||||
|
for index, arg := range args {
|
||||||
|
formatters[index] = NewFormatter(arg)
|
||||||
|
}
|
||||||
|
return formatters
|
||||||
|
}
|
202
vendor/github.com/docker/distribution/LICENSE
generated
vendored
Normal file
202
vendor/github.com/docker/distribution/LICENSE
generated
vendored
Normal file
|
@ -0,0 +1,202 @@
|
||||||
|
Apache License
|
||||||
|
Version 2.0, January 2004
|
||||||
|
http://www.apache.org/licenses/
|
||||||
|
|
||||||
|
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||||
|
|
||||||
|
1. Definitions.
|
||||||
|
|
||||||
|
"License" shall mean the terms and conditions for use, reproduction,
|
||||||
|
and distribution as defined by Sections 1 through 9 of this document.
|
||||||
|
|
||||||
|
"Licensor" shall mean the copyright owner or entity authorized by
|
||||||
|
the copyright owner that is granting the License.
|
||||||
|
|
||||||
|
"Legal Entity" shall mean the union of the acting entity and all
|
||||||
|
other entities that control, are controlled by, or are under common
|
||||||
|
control with that entity. For the purposes of this definition,
|
||||||
|
"control" means (i) the power, direct or indirect, to cause the
|
||||||
|
direction or management of such entity, whether by contract or
|
||||||
|
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||||
|
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||||
|
|
||||||
|
"You" (or "Your") shall mean an individual or Legal Entity
|
||||||
|
exercising permissions granted by this License.
|
||||||
|
|
||||||
|
"Source" form shall mean the preferred form for making modifications,
|
||||||
|
including but not limited to software source code, documentation
|
||||||
|
source, and configuration files.
|
||||||
|
|
||||||
|
"Object" form shall mean any form resulting from mechanical
|
||||||
|
transformation or translation of a Source form, including but
|
||||||
|
not limited to compiled object code, generated documentation,
|
||||||
|
and conversions to other media types.
|
||||||
|
|
||||||
|
"Work" shall mean the work of authorship, whether in Source or
|
||||||
|
Object form, made available under the License, as indicated by a
|
||||||
|
copyright notice that is included in or attached to the work
|
||||||
|
(an example is provided in the Appendix below).
|
||||||
|
|
||||||
|
"Derivative Works" shall mean any work, whether in Source or Object
|
||||||
|
form, that is based on (or derived from) the Work and for which the
|
||||||
|
editorial revisions, annotations, elaborations, or other modifications
|
||||||
|
represent, as a whole, an original work of authorship. For the purposes
|
||||||
|
of this License, Derivative Works shall not include works that remain
|
||||||
|
separable from, or merely link (or bind by name) to the interfaces of,
|
||||||
|
the Work and Derivative Works thereof.
|
||||||
|
|
||||||
|
"Contribution" shall mean any work of authorship, including
|
||||||
|
the original version of the Work and any modifications or additions
|
||||||
|
to that Work or Derivative Works thereof, that is intentionally
|
||||||
|
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||||
|
or by an individual or Legal Entity authorized to submit on behalf of
|
||||||
|
the copyright owner. For the purposes of this definition, "submitted"
|
||||||
|
means any form of electronic, verbal, or written communication sent
|
||||||
|
to the Licensor or its representatives, including but not limited to
|
||||||
|
communication on electronic mailing lists, source code control systems,
|
||||||
|
and issue tracking systems that are managed by, or on behalf of, the
|
||||||
|
Licensor for the purpose of discussing and improving the Work, but
|
||||||
|
excluding communication that is conspicuously marked or otherwise
|
||||||
|
designated in writing by the copyright owner as "Not a Contribution."
|
||||||
|
|
||||||
|
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||||
|
on behalf of whom a Contribution has been received by Licensor and
|
||||||
|
subsequently incorporated within the Work.
|
||||||
|
|
||||||
|
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||||
|
this License, each Contributor hereby grants to You a perpetual,
|
||||||
|
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||||
|
copyright license to reproduce, prepare Derivative Works of,
|
||||||
|
publicly display, publicly perform, sublicense, and distribute the
|
||||||
|
Work and such Derivative Works in Source or Object form.
|
||||||
|
|
||||||
|
3. Grant of Patent License. Subject to the terms and conditions of
|
||||||
|
this License, each Contributor hereby grants to You a perpetual,
|
||||||
|
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||||
|
(except as stated in this section) patent license to make, have made,
|
||||||
|
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||||
|
where such license applies only to those patent claims licensable
|
||||||
|
by such Contributor that are necessarily infringed by their
|
||||||
|
Contribution(s) alone or by combination of their Contribution(s)
|
||||||
|
with the Work to which such Contribution(s) was submitted. If You
|
||||||
|
institute patent litigation against any entity (including a
|
||||||
|
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||||
|
or a Contribution incorporated within the Work constitutes direct
|
||||||
|
or contributory patent infringement, then any patent licenses
|
||||||
|
granted to You under this License for that Work shall terminate
|
||||||
|
as of the date such litigation is filed.
|
||||||
|
|
||||||
|
4. Redistribution. You may reproduce and distribute copies of the
|
||||||
|
Work or Derivative Works thereof in any medium, with or without
|
||||||
|
modifications, and in Source or Object form, provided that You
|
||||||
|
meet the following conditions:
|
||||||
|
|
||||||
|
(a) You must give any other recipients of the Work or
|
||||||
|
Derivative Works a copy of this License; and
|
||||||
|
|
||||||
|
(b) You must cause any modified files to carry prominent notices
|
||||||
|
stating that You changed the files; and
|
||||||
|
|
||||||
|
(c) You must retain, in the Source form of any Derivative Works
|
||||||
|
that You distribute, all copyright, patent, trademark, and
|
||||||
|
attribution notices from the Source form of the Work,
|
||||||
|
excluding those notices that do not pertain to any part of
|
||||||
|
the Derivative Works; and
|
||||||
|
|
||||||
|
(d) If the Work includes a "NOTICE" text file as part of its
|
||||||
|
distribution, then any Derivative Works that You distribute must
|
||||||
|
include a readable copy of the attribution notices contained
|
||||||
|
within such NOTICE file, excluding those notices that do not
|
||||||
|
pertain to any part of the Derivative Works, in at least one
|
||||||
|
of the following places: within a NOTICE text file distributed
|
||||||
|
as part of the Derivative Works; within the Source form or
|
||||||
|
documentation, if provided along with the Derivative Works; or,
|
||||||
|
within a display generated by the Derivative Works, if and
|
||||||
|
wherever such third-party notices normally appear. The contents
|
||||||
|
of the NOTICE file are for informational purposes only and
|
||||||
|
do not modify the License. You may add Your own attribution
|
||||||
|
notices within Derivative Works that You distribute, alongside
|
||||||
|
or as an addendum to the NOTICE text from the Work, provided
|
||||||
|
that such additional attribution notices cannot be construed
|
||||||
|
as modifying the License.
|
||||||
|
|
||||||
|
You may add Your own copyright statement to Your modifications and
|
||||||
|
may provide additional or different license terms and conditions
|
||||||
|
for use, reproduction, or distribution of Your modifications, or
|
||||||
|
for any such Derivative Works as a whole, provided Your use,
|
||||||
|
reproduction, and distribution of the Work otherwise complies with
|
||||||
|
the conditions stated in this License.
|
||||||
|
|
||||||
|
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||||
|
any Contribution intentionally submitted for inclusion in the Work
|
||||||
|
by You to the Licensor shall be under the terms and conditions of
|
||||||
|
this License, without any additional terms or conditions.
|
||||||
|
Notwithstanding the above, nothing herein shall supersede or modify
|
||||||
|
the terms of any separate license agreement you may have executed
|
||||||
|
with Licensor regarding such Contributions.
|
||||||
|
|
||||||
|
6. Trademarks. This License does not grant permission to use the trade
|
||||||
|
names, trademarks, service marks, or product names of the Licensor,
|
||||||
|
except as required for reasonable and customary use in describing the
|
||||||
|
origin of the Work and reproducing the content of the NOTICE file.
|
||||||
|
|
||||||
|
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||||
|
agreed to in writing, Licensor provides the Work (and each
|
||||||
|
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||||
|
implied, including, without limitation, any warranties or conditions
|
||||||
|
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||||
|
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||||
|
appropriateness of using or redistributing the Work and assume any
|
||||||
|
risks associated with Your exercise of permissions under this License.
|
||||||
|
|
||||||
|
8. Limitation of Liability. In no event and under no legal theory,
|
||||||
|
whether in tort (including negligence), contract, or otherwise,
|
||||||
|
unless required by applicable law (such as deliberate and grossly
|
||||||
|
negligent acts) or agreed to in writing, shall any Contributor be
|
||||||
|
liable to You for damages, including any direct, indirect, special,
|
||||||
|
incidental, or consequential damages of any character arising as a
|
||||||
|
result of this License or out of the use or inability to use the
|
||||||
|
Work (including but not limited to damages for loss of goodwill,
|
||||||
|
work stoppage, computer failure or malfunction, or any and all
|
||||||
|
other commercial damages or losses), even if such Contributor
|
||||||
|
has been advised of the possibility of such damages.
|
||||||
|
|
||||||
|
9. Accepting Warranty or Additional Liability. While redistributing
|
||||||
|
the Work or Derivative Works thereof, You may choose to offer,
|
||||||
|
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||||
|
or other liability obligations and/or rights consistent with this
|
||||||
|
License. However, in accepting such obligations, You may act only
|
||||||
|
on Your own behalf and on Your sole responsibility, not on behalf
|
||||||
|
of any other Contributor, and only if You agree to indemnify,
|
||||||
|
defend, and hold each Contributor harmless for any liability
|
||||||
|
incurred by, or claims asserted against, such Contributor by reason
|
||||||
|
of your accepting any such warranty or additional liability.
|
||||||
|
|
||||||
|
END OF TERMS AND CONDITIONS
|
||||||
|
|
||||||
|
APPENDIX: How to apply the Apache License to your work.
|
||||||
|
|
||||||
|
To apply the Apache License to your work, attach the following
|
||||||
|
boilerplate notice, with the fields enclosed by brackets "{}"
|
||||||
|
replaced with your own identifying information. (Don't include
|
||||||
|
the brackets!) The text should be enclosed in the appropriate
|
||||||
|
comment syntax for the file format. We also recommend that a
|
||||||
|
file or class name and description of purpose be included on the
|
||||||
|
same "printed page" as the copyright notice for easier
|
||||||
|
identification within third-party archives.
|
||||||
|
|
||||||
|
Copyright {yyyy} {name of copyright owner}
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
|
139
vendor/github.com/docker/distribution/digest/digest.go
generated
vendored
Normal file
139
vendor/github.com/docker/distribution/digest/digest.go
generated
vendored
Normal file
|
@ -0,0 +1,139 @@
|
||||||
|
package digest
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"hash"
|
||||||
|
"io"
|
||||||
|
"regexp"
|
||||||
|
"strings"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
// DigestSha256EmptyTar is the canonical sha256 digest of empty data
|
||||||
|
DigestSha256EmptyTar = "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Digest allows simple protection of hex formatted digest strings, prefixed
|
||||||
|
// by their algorithm. Strings of type Digest have some guarantee of being in
|
||||||
|
// the correct format and it provides quick access to the components of a
|
||||||
|
// digest string.
|
||||||
|
//
|
||||||
|
// The following is an example of the contents of Digest types:
|
||||||
|
//
|
||||||
|
// sha256:7173b809ca12ec5dee4506cd86be934c4596dd234ee82c0662eac04a8c2c71dc
|
||||||
|
//
|
||||||
|
// This allows to abstract the digest behind this type and work only in those
|
||||||
|
// terms.
|
||||||
|
type Digest string
|
||||||
|
|
||||||
|
// NewDigest returns a Digest from alg and a hash.Hash object.
|
||||||
|
func NewDigest(alg Algorithm, h hash.Hash) Digest {
|
||||||
|
return NewDigestFromBytes(alg, h.Sum(nil))
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewDigestFromBytes returns a new digest from the byte contents of p.
|
||||||
|
// Typically, this can come from hash.Hash.Sum(...) or xxx.SumXXX(...)
|
||||||
|
// functions. This is also useful for rebuilding digests from binary
|
||||||
|
// serializations.
|
||||||
|
func NewDigestFromBytes(alg Algorithm, p []byte) Digest {
|
||||||
|
return Digest(fmt.Sprintf("%s:%x", alg, p))
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewDigestFromHex returns a Digest from alg and a the hex encoded digest.
|
||||||
|
func NewDigestFromHex(alg, hex string) Digest {
|
||||||
|
return Digest(fmt.Sprintf("%s:%s", alg, hex))
|
||||||
|
}
|
||||||
|
|
||||||
|
// DigestRegexp matches valid digest types.
|
||||||
|
var DigestRegexp = regexp.MustCompile(`[a-zA-Z0-9-_+.]+:[a-fA-F0-9]+`)
|
||||||
|
|
||||||
|
// DigestRegexpAnchored matches valid digest types, anchored to the start and end of the match.
|
||||||
|
var DigestRegexpAnchored = regexp.MustCompile(`^` + DigestRegexp.String() + `$`)
|
||||||
|
|
||||||
|
var (
|
||||||
|
// ErrDigestInvalidFormat returned when digest format invalid.
|
||||||
|
ErrDigestInvalidFormat = fmt.Errorf("invalid checksum digest format")
|
||||||
|
|
||||||
|
// ErrDigestInvalidLength returned when digest has invalid length.
|
||||||
|
ErrDigestInvalidLength = fmt.Errorf("invalid checksum digest length")
|
||||||
|
|
||||||
|
// ErrDigestUnsupported returned when the digest algorithm is unsupported.
|
||||||
|
ErrDigestUnsupported = fmt.Errorf("unsupported digest algorithm")
|
||||||
|
)
|
||||||
|
|
||||||
|
// ParseDigest parses s and returns the validated digest object. An error will
|
||||||
|
// be returned if the format is invalid.
|
||||||
|
func ParseDigest(s string) (Digest, error) {
|
||||||
|
d := Digest(s)
|
||||||
|
|
||||||
|
return d, d.Validate()
|
||||||
|
}
|
||||||
|
|
||||||
|
// FromReader returns the most valid digest for the underlying content using
|
||||||
|
// the canonical digest algorithm.
|
||||||
|
func FromReader(rd io.Reader) (Digest, error) {
|
||||||
|
return Canonical.FromReader(rd)
|
||||||
|
}
|
||||||
|
|
||||||
|
// FromBytes digests the input and returns a Digest.
|
||||||
|
func FromBytes(p []byte) Digest {
|
||||||
|
return Canonical.FromBytes(p)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Validate checks that the contents of d is a valid digest, returning an
|
||||||
|
// error if not.
|
||||||
|
func (d Digest) Validate() error {
|
||||||
|
s := string(d)
|
||||||
|
|
||||||
|
if !DigestRegexpAnchored.MatchString(s) {
|
||||||
|
return ErrDigestInvalidFormat
|
||||||
|
}
|
||||||
|
|
||||||
|
i := strings.Index(s, ":")
|
||||||
|
if i < 0 {
|
||||||
|
return ErrDigestInvalidFormat
|
||||||
|
}
|
||||||
|
|
||||||
|
// case: "sha256:" with no hex.
|
||||||
|
if i+1 == len(s) {
|
||||||
|
return ErrDigestInvalidFormat
|
||||||
|
}
|
||||||
|
|
||||||
|
switch algorithm := Algorithm(s[:i]); algorithm {
|
||||||
|
case SHA256, SHA384, SHA512:
|
||||||
|
if algorithm.Size()*2 != len(s[i+1:]) {
|
||||||
|
return ErrDigestInvalidLength
|
||||||
|
}
|
||||||
|
break
|
||||||
|
default:
|
||||||
|
return ErrDigestUnsupported
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Algorithm returns the algorithm portion of the digest. This will panic if
|
||||||
|
// the underlying digest is not in a valid format.
|
||||||
|
func (d Digest) Algorithm() Algorithm {
|
||||||
|
return Algorithm(d[:d.sepIndex()])
|
||||||
|
}
|
||||||
|
|
||||||
|
// Hex returns the hex digest portion of the digest. This will panic if the
|
||||||
|
// underlying digest is not in a valid format.
|
||||||
|
func (d Digest) Hex() string {
|
||||||
|
return string(d[d.sepIndex()+1:])
|
||||||
|
}
|
||||||
|
|
||||||
|
func (d Digest) String() string {
|
||||||
|
return string(d)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (d Digest) sepIndex() int {
|
||||||
|
i := strings.Index(string(d), ":")
|
||||||
|
|
||||||
|
if i < 0 {
|
||||||
|
panic("could not find ':' in digest: " + d)
|
||||||
|
}
|
||||||
|
|
||||||
|
return i
|
||||||
|
}
|
155
vendor/github.com/docker/distribution/digest/digester.go
generated
vendored
Normal file
155
vendor/github.com/docker/distribution/digest/digester.go
generated
vendored
Normal file
|
@ -0,0 +1,155 @@
|
||||||
|
package digest
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto"
|
||||||
|
"fmt"
|
||||||
|
"hash"
|
||||||
|
"io"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Algorithm identifies and implementation of a digester by an identifier.
|
||||||
|
// Note the that this defines both the hash algorithm used and the string
|
||||||
|
// encoding.
|
||||||
|
type Algorithm string
|
||||||
|
|
||||||
|
// supported digest types
|
||||||
|
const (
|
||||||
|
SHA256 Algorithm = "sha256" // sha256 with hex encoding
|
||||||
|
SHA384 Algorithm = "sha384" // sha384 with hex encoding
|
||||||
|
SHA512 Algorithm = "sha512" // sha512 with hex encoding
|
||||||
|
|
||||||
|
// Canonical is the primary digest algorithm used with the distribution
|
||||||
|
// project. Other digests may be used but this one is the primary storage
|
||||||
|
// digest.
|
||||||
|
Canonical = SHA256
|
||||||
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
// TODO(stevvooe): Follow the pattern of the standard crypto package for
|
||||||
|
// registration of digests. Effectively, we are a registerable set and
|
||||||
|
// common symbol access.
|
||||||
|
|
||||||
|
// algorithms maps values to hash.Hash implementations. Other algorithms
|
||||||
|
// may be available but they cannot be calculated by the digest package.
|
||||||
|
algorithms = map[Algorithm]crypto.Hash{
|
||||||
|
SHA256: crypto.SHA256,
|
||||||
|
SHA384: crypto.SHA384,
|
||||||
|
SHA512: crypto.SHA512,
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
// Available returns true if the digest type is available for use. If this
|
||||||
|
// returns false, New and Hash will return nil.
|
||||||
|
func (a Algorithm) Available() bool {
|
||||||
|
h, ok := algorithms[a]
|
||||||
|
if !ok {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
// check availability of the hash, as well
|
||||||
|
return h.Available()
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a Algorithm) String() string {
|
||||||
|
return string(a)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Size returns number of bytes returned by the hash.
|
||||||
|
func (a Algorithm) Size() int {
|
||||||
|
h, ok := algorithms[a]
|
||||||
|
if !ok {
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
return h.Size()
|
||||||
|
}
|
||||||
|
|
||||||
|
// Set implemented to allow use of Algorithm as a command line flag.
|
||||||
|
func (a *Algorithm) Set(value string) error {
|
||||||
|
if value == "" {
|
||||||
|
*a = Canonical
|
||||||
|
} else {
|
||||||
|
// just do a type conversion, support is queried with Available.
|
||||||
|
*a = Algorithm(value)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// New returns a new digester for the specified algorithm. If the algorithm
|
||||||
|
// does not have a digester implementation, nil will be returned. This can be
|
||||||
|
// checked by calling Available before calling New.
|
||||||
|
func (a Algorithm) New() Digester {
|
||||||
|
return &digester{
|
||||||
|
alg: a,
|
||||||
|
hash: a.Hash(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Hash returns a new hash as used by the algorithm. If not available, the
|
||||||
|
// method will panic. Check Algorithm.Available() before calling.
|
||||||
|
func (a Algorithm) Hash() hash.Hash {
|
||||||
|
if !a.Available() {
|
||||||
|
// NOTE(stevvooe): A missing hash is usually a programming error that
|
||||||
|
// must be resolved at compile time. We don't import in the digest
|
||||||
|
// package to allow users to choose their hash implementation (such as
|
||||||
|
// when using stevvooe/resumable or a hardware accelerated package).
|
||||||
|
//
|
||||||
|
// Applications that may want to resolve the hash at runtime should
|
||||||
|
// call Algorithm.Available before call Algorithm.Hash().
|
||||||
|
panic(fmt.Sprintf("%v not available (make sure it is imported)", a))
|
||||||
|
}
|
||||||
|
|
||||||
|
return algorithms[a].New()
|
||||||
|
}
|
||||||
|
|
||||||
|
// FromReader returns the digest of the reader using the algorithm.
|
||||||
|
func (a Algorithm) FromReader(rd io.Reader) (Digest, error) {
|
||||||
|
digester := a.New()
|
||||||
|
|
||||||
|
if _, err := io.Copy(digester.Hash(), rd); err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
return digester.Digest(), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// FromBytes digests the input and returns a Digest.
|
||||||
|
func (a Algorithm) FromBytes(p []byte) Digest {
|
||||||
|
digester := a.New()
|
||||||
|
|
||||||
|
if _, err := digester.Hash().Write(p); err != nil {
|
||||||
|
// Writes to a Hash should never fail. None of the existing
|
||||||
|
// hash implementations in the stdlib or hashes vendored
|
||||||
|
// here can return errors from Write. Having a panic in this
|
||||||
|
// condition instead of having FromBytes return an error value
|
||||||
|
// avoids unnecessary error handling paths in all callers.
|
||||||
|
panic("write to hash function returned error: " + err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
|
return digester.Digest()
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO(stevvooe): Allow resolution of verifiers using the digest type and
|
||||||
|
// this registration system.
|
||||||
|
|
||||||
|
// Digester calculates the digest of written data. Writes should go directly
|
||||||
|
// to the return value of Hash, while calling Digest will return the current
|
||||||
|
// value of the digest.
|
||||||
|
type Digester interface {
|
||||||
|
Hash() hash.Hash // provides direct access to underlying hash instance.
|
||||||
|
Digest() Digest
|
||||||
|
}
|
||||||
|
|
||||||
|
// digester provides a simple digester definition that embeds a hasher.
|
||||||
|
type digester struct {
|
||||||
|
alg Algorithm
|
||||||
|
hash hash.Hash
|
||||||
|
}
|
||||||
|
|
||||||
|
func (d *digester) Hash() hash.Hash {
|
||||||
|
return d.hash
|
||||||
|
}
|
||||||
|
|
||||||
|
func (d *digester) Digest() Digest {
|
||||||
|
return NewDigest(d.alg, d.hash)
|
||||||
|
}
|
42
vendor/github.com/docker/distribution/digest/doc.go
generated
vendored
Normal file
42
vendor/github.com/docker/distribution/digest/doc.go
generated
vendored
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
// Package digest provides a generalized type to opaquely represent message
|
||||||
|
// digests and their operations within the registry. The Digest type is
|
||||||
|
// designed to serve as a flexible identifier in a content-addressable system.
|
||||||
|
// More importantly, it provides tools and wrappers to work with
|
||||||
|
// hash.Hash-based digests with little effort.
|
||||||
|
//
|
||||||
|
// Basics
|
||||||
|
//
|
||||||
|
// The format of a digest is simply a string with two parts, dubbed the
|
||||||
|
// "algorithm" and the "digest", separated by a colon:
|
||||||
|
//
|
||||||
|
// <algorithm>:<digest>
|
||||||
|
//
|
||||||
|
// An example of a sha256 digest representation follows:
|
||||||
|
//
|
||||||
|
// sha256:7173b809ca12ec5dee4506cd86be934c4596dd234ee82c0662eac04a8c2c71dc
|
||||||
|
//
|
||||||
|
// In this case, the string "sha256" is the algorithm and the hex bytes are
|
||||||
|
// the "digest".
|
||||||
|
//
|
||||||
|
// Because the Digest type is simply a string, once a valid Digest is
|
||||||
|
// obtained, comparisons are cheap, quick and simple to express with the
|
||||||
|
// standard equality operator.
|
||||||
|
//
|
||||||
|
// Verification
|
||||||
|
//
|
||||||
|
// The main benefit of using the Digest type is simple verification against a
|
||||||
|
// given digest. The Verifier interface, modeled after the stdlib hash.Hash
|
||||||
|
// interface, provides a common write sink for digest verification. After
|
||||||
|
// writing is complete, calling the Verifier.Verified method will indicate
|
||||||
|
// whether or not the stream of bytes matches the target digest.
|
||||||
|
//
|
||||||
|
// Missing Features
|
||||||
|
//
|
||||||
|
// In addition to the above, we intend to add the following features to this
|
||||||
|
// package:
|
||||||
|
//
|
||||||
|
// 1. A Digester type that supports write sink digest calculation.
|
||||||
|
//
|
||||||
|
// 2. Suspend and resume of ongoing digest calculations to support efficient digest verification in the registry.
|
||||||
|
//
|
||||||
|
package digest
|
245
vendor/github.com/docker/distribution/digest/set.go
generated
vendored
Normal file
245
vendor/github.com/docker/distribution/digest/set.go
generated
vendored
Normal file
|
@ -0,0 +1,245 @@
|
||||||
|
package digest
|
||||||
|
|
||||||
|
import (
|
||||||
|
"errors"
|
||||||
|
"sort"
|
||||||
|
"strings"
|
||||||
|
"sync"
|
||||||
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
// ErrDigestNotFound is used when a matching digest
|
||||||
|
// could not be found in a set.
|
||||||
|
ErrDigestNotFound = errors.New("digest not found")
|
||||||
|
|
||||||
|
// ErrDigestAmbiguous is used when multiple digests
|
||||||
|
// are found in a set. None of the matching digests
|
||||||
|
// should be considered valid matches.
|
||||||
|
ErrDigestAmbiguous = errors.New("ambiguous digest string")
|
||||||
|
)
|
||||||
|
|
||||||
|
// Set is used to hold a unique set of digests which
|
||||||
|
// may be easily referenced by easily referenced by a string
|
||||||
|
// representation of the digest as well as short representation.
|
||||||
|
// The uniqueness of the short representation is based on other
|
||||||
|
// digests in the set. If digests are omitted from this set,
|
||||||
|
// collisions in a larger set may not be detected, therefore it
|
||||||
|
// is important to always do short representation lookups on
|
||||||
|
// the complete set of digests. To mitigate collisions, an
|
||||||
|
// appropriately long short code should be used.
|
||||||
|
type Set struct {
|
||||||
|
mutex sync.RWMutex
|
||||||
|
entries digestEntries
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewSet creates an empty set of digests
|
||||||
|
// which may have digests added.
|
||||||
|
func NewSet() *Set {
|
||||||
|
return &Set{
|
||||||
|
entries: digestEntries{},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// checkShortMatch checks whether two digests match as either whole
|
||||||
|
// values or short values. This function does not test equality,
|
||||||
|
// rather whether the second value could match against the first
|
||||||
|
// value.
|
||||||
|
func checkShortMatch(alg Algorithm, hex, shortAlg, shortHex string) bool {
|
||||||
|
if len(hex) == len(shortHex) {
|
||||||
|
if hex != shortHex {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
if len(shortAlg) > 0 && string(alg) != shortAlg {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
} else if !strings.HasPrefix(hex, shortHex) {
|
||||||
|
return false
|
||||||
|
} else if len(shortAlg) > 0 && string(alg) != shortAlg {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
|
// Lookup looks for a digest matching the given string representation.
|
||||||
|
// If no digests could be found ErrDigestNotFound will be returned
|
||||||
|
// with an empty digest value. If multiple matches are found
|
||||||
|
// ErrDigestAmbiguous will be returned with an empty digest value.
|
||||||
|
func (dst *Set) Lookup(d string) (Digest, error) {
|
||||||
|
dst.mutex.RLock()
|
||||||
|
defer dst.mutex.RUnlock()
|
||||||
|
if len(dst.entries) == 0 {
|
||||||
|
return "", ErrDigestNotFound
|
||||||
|
}
|
||||||
|
var (
|
||||||
|
searchFunc func(int) bool
|
||||||
|
alg Algorithm
|
||||||
|
hex string
|
||||||
|
)
|
||||||
|
dgst, err := ParseDigest(d)
|
||||||
|
if err == ErrDigestInvalidFormat {
|
||||||
|
hex = d
|
||||||
|
searchFunc = func(i int) bool {
|
||||||
|
return dst.entries[i].val >= d
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
hex = dgst.Hex()
|
||||||
|
alg = dgst.Algorithm()
|
||||||
|
searchFunc = func(i int) bool {
|
||||||
|
if dst.entries[i].val == hex {
|
||||||
|
return dst.entries[i].alg >= alg
|
||||||
|
}
|
||||||
|
return dst.entries[i].val >= hex
|
||||||
|
}
|
||||||
|
}
|
||||||
|
idx := sort.Search(len(dst.entries), searchFunc)
|
||||||
|
if idx == len(dst.entries) || !checkShortMatch(dst.entries[idx].alg, dst.entries[idx].val, string(alg), hex) {
|
||||||
|
return "", ErrDigestNotFound
|
||||||
|
}
|
||||||
|
if dst.entries[idx].alg == alg && dst.entries[idx].val == hex {
|
||||||
|
return dst.entries[idx].digest, nil
|
||||||
|
}
|
||||||
|
if idx+1 < len(dst.entries) && checkShortMatch(dst.entries[idx+1].alg, dst.entries[idx+1].val, string(alg), hex) {
|
||||||
|
return "", ErrDigestAmbiguous
|
||||||
|
}
|
||||||
|
|
||||||
|
return dst.entries[idx].digest, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Add adds the given digest to the set. An error will be returned
|
||||||
|
// if the given digest is invalid. If the digest already exists in the
|
||||||
|
// set, this operation will be a no-op.
|
||||||
|
func (dst *Set) Add(d Digest) error {
|
||||||
|
if err := d.Validate(); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
dst.mutex.Lock()
|
||||||
|
defer dst.mutex.Unlock()
|
||||||
|
entry := &digestEntry{alg: d.Algorithm(), val: d.Hex(), digest: d}
|
||||||
|
searchFunc := func(i int) bool {
|
||||||
|
if dst.entries[i].val == entry.val {
|
||||||
|
return dst.entries[i].alg >= entry.alg
|
||||||
|
}
|
||||||
|
return dst.entries[i].val >= entry.val
|
||||||
|
}
|
||||||
|
idx := sort.Search(len(dst.entries), searchFunc)
|
||||||
|
if idx == len(dst.entries) {
|
||||||
|
dst.entries = append(dst.entries, entry)
|
||||||
|
return nil
|
||||||
|
} else if dst.entries[idx].digest == d {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
entries := append(dst.entries, nil)
|
||||||
|
copy(entries[idx+1:], entries[idx:len(entries)-1])
|
||||||
|
entries[idx] = entry
|
||||||
|
dst.entries = entries
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Remove removes the given digest from the set. An err will be
|
||||||
|
// returned if the given digest is invalid. If the digest does
|
||||||
|
// not exist in the set, this operation will be a no-op.
|
||||||
|
func (dst *Set) Remove(d Digest) error {
|
||||||
|
if err := d.Validate(); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
dst.mutex.Lock()
|
||||||
|
defer dst.mutex.Unlock()
|
||||||
|
entry := &digestEntry{alg: d.Algorithm(), val: d.Hex(), digest: d}
|
||||||
|
searchFunc := func(i int) bool {
|
||||||
|
if dst.entries[i].val == entry.val {
|
||||||
|
return dst.entries[i].alg >= entry.alg
|
||||||
|
}
|
||||||
|
return dst.entries[i].val >= entry.val
|
||||||
|
}
|
||||||
|
idx := sort.Search(len(dst.entries), searchFunc)
|
||||||
|
// Not found if idx is after or value at idx is not digest
|
||||||
|
if idx == len(dst.entries) || dst.entries[idx].digest != d {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
entries := dst.entries
|
||||||
|
copy(entries[idx:], entries[idx+1:])
|
||||||
|
entries = entries[:len(entries)-1]
|
||||||
|
dst.entries = entries
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// All returns all the digests in the set
|
||||||
|
func (dst *Set) All() []Digest {
|
||||||
|
dst.mutex.RLock()
|
||||||
|
defer dst.mutex.RUnlock()
|
||||||
|
retValues := make([]Digest, len(dst.entries))
|
||||||
|
for i := range dst.entries {
|
||||||
|
retValues[i] = dst.entries[i].digest
|
||||||
|
}
|
||||||
|
|
||||||
|
return retValues
|
||||||
|
}
|
||||||
|
|
||||||
|
// ShortCodeTable returns a map of Digest to unique short codes. The
|
||||||
|
// length represents the minimum value, the maximum length may be the
|
||||||
|
// entire value of digest if uniqueness cannot be achieved without the
|
||||||
|
// full value. This function will attempt to make short codes as short
|
||||||
|
// as possible to be unique.
|
||||||
|
func ShortCodeTable(dst *Set, length int) map[Digest]string {
|
||||||
|
dst.mutex.RLock()
|
||||||
|
defer dst.mutex.RUnlock()
|
||||||
|
m := make(map[Digest]string, len(dst.entries))
|
||||||
|
l := length
|
||||||
|
resetIdx := 0
|
||||||
|
for i := 0; i < len(dst.entries); i++ {
|
||||||
|
var short string
|
||||||
|
extended := true
|
||||||
|
for extended {
|
||||||
|
extended = false
|
||||||
|
if len(dst.entries[i].val) <= l {
|
||||||
|
short = dst.entries[i].digest.String()
|
||||||
|
} else {
|
||||||
|
short = dst.entries[i].val[:l]
|
||||||
|
for j := i + 1; j < len(dst.entries); j++ {
|
||||||
|
if checkShortMatch(dst.entries[j].alg, dst.entries[j].val, "", short) {
|
||||||
|
if j > resetIdx {
|
||||||
|
resetIdx = j
|
||||||
|
}
|
||||||
|
extended = true
|
||||||
|
} else {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if extended {
|
||||||
|
l++
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
m[dst.entries[i].digest] = short
|
||||||
|
if i >= resetIdx {
|
||||||
|
l = length
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return m
|
||||||
|
}
|
||||||
|
|
||||||
|
type digestEntry struct {
|
||||||
|
alg Algorithm
|
||||||
|
val string
|
||||||
|
digest Digest
|
||||||
|
}
|
||||||
|
|
||||||
|
type digestEntries []*digestEntry
|
||||||
|
|
||||||
|
func (d digestEntries) Len() int {
|
||||||
|
return len(d)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (d digestEntries) Less(i, j int) bool {
|
||||||
|
if d[i].val != d[j].val {
|
||||||
|
return d[i].val < d[j].val
|
||||||
|
}
|
||||||
|
return d[i].alg < d[j].alg
|
||||||
|
}
|
||||||
|
|
||||||
|
func (d digestEntries) Swap(i, j int) {
|
||||||
|
d[i], d[j] = d[j], d[i]
|
||||||
|
}
|
44
vendor/github.com/docker/distribution/digest/verifiers.go
generated
vendored
Normal file
44
vendor/github.com/docker/distribution/digest/verifiers.go
generated
vendored
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
package digest
|
||||||
|
|
||||||
|
import (
|
||||||
|
"hash"
|
||||||
|
"io"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Verifier presents a general verification interface to be used with message
|
||||||
|
// digests and other byte stream verifications. Users instantiate a Verifier
|
||||||
|
// from one of the various methods, write the data under test to it then check
|
||||||
|
// the result with the Verified method.
|
||||||
|
type Verifier interface {
|
||||||
|
io.Writer
|
||||||
|
|
||||||
|
// Verified will return true if the content written to Verifier matches
|
||||||
|
// the digest.
|
||||||
|
Verified() bool
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewDigestVerifier returns a verifier that compares the written bytes
|
||||||
|
// against a passed in digest.
|
||||||
|
func NewDigestVerifier(d Digest) (Verifier, error) {
|
||||||
|
if err := d.Validate(); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return hashVerifier{
|
||||||
|
hash: d.Algorithm().Hash(),
|
||||||
|
digest: d,
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
type hashVerifier struct {
|
||||||
|
digest Digest
|
||||||
|
hash hash.Hash
|
||||||
|
}
|
||||||
|
|
||||||
|
func (hv hashVerifier) Write(p []byte) (n int, err error) {
|
||||||
|
return hv.hash.Write(p)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (hv hashVerifier) Verified() bool {
|
||||||
|
return hv.digest == NewDigest(hv.digest.Algorithm(), hv.hash)
|
||||||
|
}
|
334
vendor/github.com/docker/distribution/reference/reference.go
generated
vendored
Normal file
334
vendor/github.com/docker/distribution/reference/reference.go
generated
vendored
Normal file
|
@ -0,0 +1,334 @@
|
||||||
|
// Package reference provides a general type to represent any way of referencing images within the registry.
|
||||||
|
// Its main purpose is to abstract tags and digests (content-addressable hash).
|
||||||
|
//
|
||||||
|
// Grammar
|
||||||
|
//
|
||||||
|
// reference := name [ ":" tag ] [ "@" digest ]
|
||||||
|
// name := [hostname '/'] component ['/' component]*
|
||||||
|
// hostname := hostcomponent ['.' hostcomponent]* [':' port-number]
|
||||||
|
// hostcomponent := /([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])/
|
||||||
|
// port-number := /[0-9]+/
|
||||||
|
// component := alpha-numeric [separator alpha-numeric]*
|
||||||
|
// alpha-numeric := /[a-z0-9]+/
|
||||||
|
// separator := /[_.]|__|[-]*/
|
||||||
|
//
|
||||||
|
// tag := /[\w][\w.-]{0,127}/
|
||||||
|
//
|
||||||
|
// digest := digest-algorithm ":" digest-hex
|
||||||
|
// digest-algorithm := digest-algorithm-component [ digest-algorithm-separator digest-algorithm-component ]
|
||||||
|
// digest-algorithm-separator := /[+.-_]/
|
||||||
|
// digest-algorithm-component := /[A-Za-z][A-Za-z0-9]*/
|
||||||
|
// digest-hex := /[0-9a-fA-F]{32,}/ ; At least 128 bit digest value
|
||||||
|
package reference
|
||||||
|
|
||||||
|
import (
|
||||||
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
|
||||||
|
"github.com/docker/distribution/digest"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
// NameTotalLengthMax is the maximum total number of characters in a repository name.
|
||||||
|
NameTotalLengthMax = 255
|
||||||
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
// ErrReferenceInvalidFormat represents an error while trying to parse a string as a reference.
|
||||||
|
ErrReferenceInvalidFormat = errors.New("invalid reference format")
|
||||||
|
|
||||||
|
// ErrTagInvalidFormat represents an error while trying to parse a string as a tag.
|
||||||
|
ErrTagInvalidFormat = errors.New("invalid tag format")
|
||||||
|
|
||||||
|
// ErrDigestInvalidFormat represents an error while trying to parse a string as a tag.
|
||||||
|
ErrDigestInvalidFormat = errors.New("invalid digest format")
|
||||||
|
|
||||||
|
// ErrNameEmpty is returned for empty, invalid repository names.
|
||||||
|
ErrNameEmpty = errors.New("repository name must have at least one component")
|
||||||
|
|
||||||
|
// ErrNameTooLong is returned when a repository name is longer than NameTotalLengthMax.
|
||||||
|
ErrNameTooLong = fmt.Errorf("repository name must not be more than %v characters", NameTotalLengthMax)
|
||||||
|
)
|
||||||
|
|
||||||
|
// Reference is an opaque object reference identifier that may include
|
||||||
|
// modifiers such as a hostname, name, tag, and digest.
|
||||||
|
type Reference interface {
|
||||||
|
// String returns the full reference
|
||||||
|
String() string
|
||||||
|
}
|
||||||
|
|
||||||
|
// Field provides a wrapper type for resolving correct reference types when
|
||||||
|
// working with encoding.
|
||||||
|
type Field struct {
|
||||||
|
reference Reference
|
||||||
|
}
|
||||||
|
|
||||||
|
// AsField wraps a reference in a Field for encoding.
|
||||||
|
func AsField(reference Reference) Field {
|
||||||
|
return Field{reference}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Reference unwraps the reference type from the field to
|
||||||
|
// return the Reference object. This object should be
|
||||||
|
// of the appropriate type to further check for different
|
||||||
|
// reference types.
|
||||||
|
func (f Field) Reference() Reference {
|
||||||
|
return f.reference
|
||||||
|
}
|
||||||
|
|
||||||
|
// MarshalText serializes the field to byte text which
|
||||||
|
// is the string of the reference.
|
||||||
|
func (f Field) MarshalText() (p []byte, err error) {
|
||||||
|
return []byte(f.reference.String()), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// UnmarshalText parses text bytes by invoking the
|
||||||
|
// reference parser to ensure the appropriately
|
||||||
|
// typed reference object is wrapped by field.
|
||||||
|
func (f *Field) UnmarshalText(p []byte) error {
|
||||||
|
r, err := Parse(string(p))
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
f.reference = r
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Named is an object with a full name
|
||||||
|
type Named interface {
|
||||||
|
Reference
|
||||||
|
Name() string
|
||||||
|
}
|
||||||
|
|
||||||
|
// Tagged is an object which has a tag
|
||||||
|
type Tagged interface {
|
||||||
|
Reference
|
||||||
|
Tag() string
|
||||||
|
}
|
||||||
|
|
||||||
|
// NamedTagged is an object including a name and tag.
|
||||||
|
type NamedTagged interface {
|
||||||
|
Named
|
||||||
|
Tag() string
|
||||||
|
}
|
||||||
|
|
||||||
|
// Digested is an object which has a digest
|
||||||
|
// in which it can be referenced by
|
||||||
|
type Digested interface {
|
||||||
|
Reference
|
||||||
|
Digest() digest.Digest
|
||||||
|
}
|
||||||
|
|
||||||
|
// Canonical reference is an object with a fully unique
|
||||||
|
// name including a name with hostname and digest
|
||||||
|
type Canonical interface {
|
||||||
|
Named
|
||||||
|
Digest() digest.Digest
|
||||||
|
}
|
||||||
|
|
||||||
|
// SplitHostname splits a named reference into a
|
||||||
|
// hostname and name string. If no valid hostname is
|
||||||
|
// found, the hostname is empty and the full value
|
||||||
|
// is returned as name
|
||||||
|
func SplitHostname(named Named) (string, string) {
|
||||||
|
name := named.Name()
|
||||||
|
match := anchoredNameRegexp.FindStringSubmatch(name)
|
||||||
|
if match == nil || len(match) != 3 {
|
||||||
|
return "", name
|
||||||
|
}
|
||||||
|
return match[1], match[2]
|
||||||
|
}
|
||||||
|
|
||||||
|
// Parse parses s and returns a syntactically valid Reference.
|
||||||
|
// If an error was encountered it is returned, along with a nil Reference.
|
||||||
|
// NOTE: Parse will not handle short digests.
|
||||||
|
func Parse(s string) (Reference, error) {
|
||||||
|
matches := ReferenceRegexp.FindStringSubmatch(s)
|
||||||
|
if matches == nil {
|
||||||
|
if s == "" {
|
||||||
|
return nil, ErrNameEmpty
|
||||||
|
}
|
||||||
|
// TODO(dmcgowan): Provide more specific and helpful error
|
||||||
|
return nil, ErrReferenceInvalidFormat
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(matches[1]) > NameTotalLengthMax {
|
||||||
|
return nil, ErrNameTooLong
|
||||||
|
}
|
||||||
|
|
||||||
|
ref := reference{
|
||||||
|
name: matches[1],
|
||||||
|
tag: matches[2],
|
||||||
|
}
|
||||||
|
if matches[3] != "" {
|
||||||
|
var err error
|
||||||
|
ref.digest, err = digest.ParseDigest(matches[3])
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
r := getBestReferenceType(ref)
|
||||||
|
if r == nil {
|
||||||
|
return nil, ErrNameEmpty
|
||||||
|
}
|
||||||
|
|
||||||
|
return r, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// ParseNamed parses s and returns a syntactically valid reference implementing
|
||||||
|
// the Named interface. The reference must have a name, otherwise an error is
|
||||||
|
// returned.
|
||||||
|
// If an error was encountered it is returned, along with a nil Reference.
|
||||||
|
// NOTE: ParseNamed will not handle short digests.
|
||||||
|
func ParseNamed(s string) (Named, error) {
|
||||||
|
ref, err := Parse(s)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
named, isNamed := ref.(Named)
|
||||||
|
if !isNamed {
|
||||||
|
return nil, fmt.Errorf("reference %s has no name", ref.String())
|
||||||
|
}
|
||||||
|
return named, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// WithName returns a named object representing the given string. If the input
|
||||||
|
// is invalid ErrReferenceInvalidFormat will be returned.
|
||||||
|
func WithName(name string) (Named, error) {
|
||||||
|
if len(name) > NameTotalLengthMax {
|
||||||
|
return nil, ErrNameTooLong
|
||||||
|
}
|
||||||
|
if !anchoredNameRegexp.MatchString(name) {
|
||||||
|
return nil, ErrReferenceInvalidFormat
|
||||||
|
}
|
||||||
|
return repository(name), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// WithTag combines the name from "name" and the tag from "tag" to form a
|
||||||
|
// reference incorporating both the name and the tag.
|
||||||
|
func WithTag(name Named, tag string) (NamedTagged, error) {
|
||||||
|
if !anchoredTagRegexp.MatchString(tag) {
|
||||||
|
return nil, ErrTagInvalidFormat
|
||||||
|
}
|
||||||
|
return taggedReference{
|
||||||
|
name: name.Name(),
|
||||||
|
tag: tag,
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// WithDigest combines the name from "name" and the digest from "digest" to form
|
||||||
|
// a reference incorporating both the name and the digest.
|
||||||
|
func WithDigest(name Named, digest digest.Digest) (Canonical, error) {
|
||||||
|
if !anchoredDigestRegexp.MatchString(digest.String()) {
|
||||||
|
return nil, ErrDigestInvalidFormat
|
||||||
|
}
|
||||||
|
return canonicalReference{
|
||||||
|
name: name.Name(),
|
||||||
|
digest: digest,
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func getBestReferenceType(ref reference) Reference {
|
||||||
|
if ref.name == "" {
|
||||||
|
// Allow digest only references
|
||||||
|
if ref.digest != "" {
|
||||||
|
return digestReference(ref.digest)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
if ref.tag == "" {
|
||||||
|
if ref.digest != "" {
|
||||||
|
return canonicalReference{
|
||||||
|
name: ref.name,
|
||||||
|
digest: ref.digest,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return repository(ref.name)
|
||||||
|
}
|
||||||
|
if ref.digest == "" {
|
||||||
|
return taggedReference{
|
||||||
|
name: ref.name,
|
||||||
|
tag: ref.tag,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return ref
|
||||||
|
}
|
||||||
|
|
||||||
|
type reference struct {
|
||||||
|
name string
|
||||||
|
tag string
|
||||||
|
digest digest.Digest
|
||||||
|
}
|
||||||
|
|
||||||
|
func (r reference) String() string {
|
||||||
|
return r.name + ":" + r.tag + "@" + r.digest.String()
|
||||||
|
}
|
||||||
|
|
||||||
|
func (r reference) Name() string {
|
||||||
|
return r.name
|
||||||
|
}
|
||||||
|
|
||||||
|
func (r reference) Tag() string {
|
||||||
|
return r.tag
|
||||||
|
}
|
||||||
|
|
||||||
|
func (r reference) Digest() digest.Digest {
|
||||||
|
return r.digest
|
||||||
|
}
|
||||||
|
|
||||||
|
type repository string
|
||||||
|
|
||||||
|
func (r repository) String() string {
|
||||||
|
return string(r)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (r repository) Name() string {
|
||||||
|
return string(r)
|
||||||
|
}
|
||||||
|
|
||||||
|
type digestReference digest.Digest
|
||||||
|
|
||||||
|
func (d digestReference) String() string {
|
||||||
|
return d.String()
|
||||||
|
}
|
||||||
|
|
||||||
|
func (d digestReference) Digest() digest.Digest {
|
||||||
|
return digest.Digest(d)
|
||||||
|
}
|
||||||
|
|
||||||
|
type taggedReference struct {
|
||||||
|
name string
|
||||||
|
tag string
|
||||||
|
}
|
||||||
|
|
||||||
|
func (t taggedReference) String() string {
|
||||||
|
return t.name + ":" + t.tag
|
||||||
|
}
|
||||||
|
|
||||||
|
func (t taggedReference) Name() string {
|
||||||
|
return t.name
|
||||||
|
}
|
||||||
|
|
||||||
|
func (t taggedReference) Tag() string {
|
||||||
|
return t.tag
|
||||||
|
}
|
||||||
|
|
||||||
|
type canonicalReference struct {
|
||||||
|
name string
|
||||||
|
digest digest.Digest
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c canonicalReference) String() string {
|
||||||
|
return c.name + "@" + c.digest.String()
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c canonicalReference) Name() string {
|
||||||
|
return c.name
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c canonicalReference) Digest() digest.Digest {
|
||||||
|
return c.digest
|
||||||
|
}
|
124
vendor/github.com/docker/distribution/reference/regexp.go
generated
vendored
Normal file
124
vendor/github.com/docker/distribution/reference/regexp.go
generated
vendored
Normal file
|
@ -0,0 +1,124 @@
|
||||||
|
package reference
|
||||||
|
|
||||||
|
import "regexp"
|
||||||
|
|
||||||
|
var (
|
||||||
|
// alphaNumericRegexp defines the alpha numeric atom, typically a
|
||||||
|
// component of names. This only allows lower case characters and digits.
|
||||||
|
alphaNumericRegexp = match(`[a-z0-9]+`)
|
||||||
|
|
||||||
|
// separatorRegexp defines the separators allowed to be embedded in name
|
||||||
|
// components. This allow one period, one or two underscore and multiple
|
||||||
|
// dashes.
|
||||||
|
separatorRegexp = match(`(?:[._]|__|[-]*)`)
|
||||||
|
|
||||||
|
// nameComponentRegexp restricts registry path component names to start
|
||||||
|
// with at least one letter or number, with following parts able to be
|
||||||
|
// separated by one period, one or two underscore and multiple dashes.
|
||||||
|
nameComponentRegexp = expression(
|
||||||
|
alphaNumericRegexp,
|
||||||
|
optional(repeated(separatorRegexp, alphaNumericRegexp)))
|
||||||
|
|
||||||
|
// hostnameComponentRegexp restricts the registry hostname component of a
|
||||||
|
// repository name to start with a component as defined by hostnameRegexp
|
||||||
|
// and followed by an optional port.
|
||||||
|
hostnameComponentRegexp = match(`(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])`)
|
||||||
|
|
||||||
|
// hostnameRegexp defines the structure of potential hostname components
|
||||||
|
// that may be part of image names. This is purposely a subset of what is
|
||||||
|
// allowed by DNS to ensure backwards compatibility with Docker image
|
||||||
|
// names.
|
||||||
|
hostnameRegexp = expression(
|
||||||
|
hostnameComponentRegexp,
|
||||||
|
optional(repeated(literal(`.`), hostnameComponentRegexp)),
|
||||||
|
optional(literal(`:`), match(`[0-9]+`)))
|
||||||
|
|
||||||
|
// TagRegexp matches valid tag names. From docker/docker:graph/tags.go.
|
||||||
|
TagRegexp = match(`[\w][\w.-]{0,127}`)
|
||||||
|
|
||||||
|
// anchoredTagRegexp matches valid tag names, anchored at the start and
|
||||||
|
// end of the matched string.
|
||||||
|
anchoredTagRegexp = anchored(TagRegexp)
|
||||||
|
|
||||||
|
// DigestRegexp matches valid digests.
|
||||||
|
DigestRegexp = match(`[A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}`)
|
||||||
|
|
||||||
|
// anchoredDigestRegexp matches valid digests, anchored at the start and
|
||||||
|
// end of the matched string.
|
||||||
|
anchoredDigestRegexp = anchored(DigestRegexp)
|
||||||
|
|
||||||
|
// NameRegexp is the format for the name component of references. The
|
||||||
|
// regexp has capturing groups for the hostname and name part omitting
|
||||||
|
// the separating forward slash from either.
|
||||||
|
NameRegexp = expression(
|
||||||
|
optional(hostnameRegexp, literal(`/`)),
|
||||||
|
nameComponentRegexp,
|
||||||
|
optional(repeated(literal(`/`), nameComponentRegexp)))
|
||||||
|
|
||||||
|
// anchoredNameRegexp is used to parse a name value, capturing the
|
||||||
|
// hostname and trailing components.
|
||||||
|
anchoredNameRegexp = anchored(
|
||||||
|
optional(capture(hostnameRegexp), literal(`/`)),
|
||||||
|
capture(nameComponentRegexp,
|
||||||
|
optional(repeated(literal(`/`), nameComponentRegexp))))
|
||||||
|
|
||||||
|
// ReferenceRegexp is the full supported format of a reference. The regexp
|
||||||
|
// is anchored and has capturing groups for name, tag, and digest
|
||||||
|
// components.
|
||||||
|
ReferenceRegexp = anchored(capture(NameRegexp),
|
||||||
|
optional(literal(":"), capture(TagRegexp)),
|
||||||
|
optional(literal("@"), capture(DigestRegexp)))
|
||||||
|
)
|
||||||
|
|
||||||
|
// match compiles the string to a regular expression.
|
||||||
|
var match = regexp.MustCompile
|
||||||
|
|
||||||
|
// literal compiles s into a literal regular expression, escaping any regexp
|
||||||
|
// reserved characters.
|
||||||
|
func literal(s string) *regexp.Regexp {
|
||||||
|
re := match(regexp.QuoteMeta(s))
|
||||||
|
|
||||||
|
if _, complete := re.LiteralPrefix(); !complete {
|
||||||
|
panic("must be a literal")
|
||||||
|
}
|
||||||
|
|
||||||
|
return re
|
||||||
|
}
|
||||||
|
|
||||||
|
// expression defines a full expression, where each regular expression must
|
||||||
|
// follow the previous.
|
||||||
|
func expression(res ...*regexp.Regexp) *regexp.Regexp {
|
||||||
|
var s string
|
||||||
|
for _, re := range res {
|
||||||
|
s += re.String()
|
||||||
|
}
|
||||||
|
|
||||||
|
return match(s)
|
||||||
|
}
|
||||||
|
|
||||||
|
// optional wraps the expression in a non-capturing group and makes the
|
||||||
|
// production optional.
|
||||||
|
func optional(res ...*regexp.Regexp) *regexp.Regexp {
|
||||||
|
return match(group(expression(res...)).String() + `?`)
|
||||||
|
}
|
||||||
|
|
||||||
|
// repeated wraps the regexp in a non-capturing group to get one or more
|
||||||
|
// matches.
|
||||||
|
func repeated(res ...*regexp.Regexp) *regexp.Regexp {
|
||||||
|
return match(group(expression(res...)).String() + `+`)
|
||||||
|
}
|
||||||
|
|
||||||
|
// group wraps the regexp in a non-capturing group.
|
||||||
|
func group(res ...*regexp.Regexp) *regexp.Regexp {
|
||||||
|
return match(`(?:` + expression(res...).String() + `)`)
|
||||||
|
}
|
||||||
|
|
||||||
|
// capture wraps the expression in a capturing group.
|
||||||
|
func capture(res ...*regexp.Regexp) *regexp.Regexp {
|
||||||
|
return match(`(` + expression(res...).String() + `)`)
|
||||||
|
}
|
||||||
|
|
||||||
|
// anchored anchors the regular expression by adding start and end delimiters.
|
||||||
|
func anchored(res ...*regexp.Regexp) *regexp.Regexp {
|
||||||
|
return match(`^` + expression(res...).String() + `$`)
|
||||||
|
}
|
163
vendor/github.com/emicklei/go-restful/CHANGES.md
generated
vendored
Normal file
163
vendor/github.com/emicklei/go-restful/CHANGES.md
generated
vendored
Normal file
|
@ -0,0 +1,163 @@
|
||||||
|
Change history of go-restful
|
||||||
|
=
|
||||||
|
2016-02-14
|
||||||
|
- take the qualify factor of the Accept header mediatype into account when deciding the contentype of the response
|
||||||
|
- add constructors for custom entity accessors for xml and json
|
||||||
|
|
||||||
|
2015-09-27
|
||||||
|
- rename new WriteStatusAnd... to WriteHeaderAnd... for consistency
|
||||||
|
|
||||||
|
2015-09-25
|
||||||
|
- fixed problem with changing Header after WriteHeader (issue 235)
|
||||||
|
|
||||||
|
2015-09-14
|
||||||
|
- changed behavior of WriteHeader (immediate write) and WriteEntity (no status write)
|
||||||
|
- added support for custom EntityReaderWriters.
|
||||||
|
|
||||||
|
2015-08-06
|
||||||
|
- add support for reading entities from compressed request content
|
||||||
|
- use sync.Pool for compressors of http response and request body
|
||||||
|
- add Description to Parameter for documentation in Swagger UI
|
||||||
|
|
||||||
|
2015-03-20
|
||||||
|
- add configurable logging
|
||||||
|
|
||||||
|
2015-03-18
|
||||||
|
- if not specified, the Operation is derived from the Route function
|
||||||
|
|
||||||
|
2015-03-17
|
||||||
|
- expose Parameter creation functions
|
||||||
|
- make trace logger an interface
|
||||||
|
- fix OPTIONSFilter
|
||||||
|
- customize rendering of ServiceError
|
||||||
|
- JSR311 router now handles wildcards
|
||||||
|
- add Notes to Route
|
||||||
|
|
||||||
|
2014-11-27
|
||||||
|
- (api add) PrettyPrint per response. (as proposed in #167)
|
||||||
|
|
||||||
|
2014-11-12
|
||||||
|
- (api add) ApiVersion(.) for documentation in Swagger UI
|
||||||
|
|
||||||
|
2014-11-10
|
||||||
|
- (api change) struct fields tagged with "description" show up in Swagger UI
|
||||||
|
|
||||||
|
2014-10-31
|
||||||
|
- (api change) ReturnsError -> Returns
|
||||||
|
- (api add) RouteBuilder.Do(aBuilder) for DRY use of RouteBuilder
|
||||||
|
- fix swagger nested structs
|
||||||
|
- sort Swagger response messages by code
|
||||||
|
|
||||||
|
2014-10-23
|
||||||
|
- (api add) ReturnsError allows you to document Http codes in swagger
|
||||||
|
- fixed problem with greedy CurlyRouter
|
||||||
|
- (api add) Access-Control-Max-Age in CORS
|
||||||
|
- add tracing functionality (injectable) for debugging purposes
|
||||||
|
- support JSON parse 64bit int
|
||||||
|
- fix empty parameters for swagger
|
||||||
|
- WebServicesUrl is now optional for swagger
|
||||||
|
- fixed duplicate AccessControlAllowOrigin in CORS
|
||||||
|
- (api change) expose ServeMux in container
|
||||||
|
- (api add) added AllowedDomains in CORS
|
||||||
|
- (api add) ParameterNamed for detailed documentation
|
||||||
|
|
||||||
|
2014-04-16
|
||||||
|
- (api add) expose constructor of Request for testing.
|
||||||
|
|
||||||
|
2014-06-27
|
||||||
|
- (api add) ParameterNamed gives access to a Parameter definition and its data (for further specification).
|
||||||
|
- (api add) SetCacheReadEntity allow scontrol over whether or not the request body is being cached (default true for compatibility reasons).
|
||||||
|
|
||||||
|
2014-07-03
|
||||||
|
- (api add) CORS can be configured with a list of allowed domains
|
||||||
|
|
||||||
|
2014-03-12
|
||||||
|
- (api add) Route path parameters can use wildcard or regular expressions. (requires CurlyRouter)
|
||||||
|
|
||||||
|
2014-02-26
|
||||||
|
- (api add) Request now provides information about the matched Route, see method SelectedRoutePath
|
||||||
|
|
||||||
|
2014-02-17
|
||||||
|
- (api change) renamed parameter constants (go-lint checks)
|
||||||
|
|
||||||
|
2014-01-10
|
||||||
|
- (api add) support for CloseNotify, see http://golang.org/pkg/net/http/#CloseNotifier
|
||||||
|
|
||||||
|
2014-01-07
|
||||||
|
- (api change) Write* methods in Response now return the error or nil.
|
||||||
|
- added example of serving HTML from a Go template.
|
||||||
|
- fixed comparing Allowed headers in CORS (is now case-insensitive)
|
||||||
|
|
||||||
|
2013-11-13
|
||||||
|
- (api add) Response knows how many bytes are written to the response body.
|
||||||
|
|
||||||
|
2013-10-29
|
||||||
|
- (api add) RecoverHandler(handler RecoverHandleFunction) to change how panic recovery is handled. Default behavior is to log and return a stacktrace. This may be a security issue as it exposes sourcecode information.
|
||||||
|
|
||||||
|
2013-10-04
|
||||||
|
- (api add) Response knows what HTTP status has been written
|
||||||
|
- (api add) Request can have attributes (map of string->interface, also called request-scoped variables
|
||||||
|
|
||||||
|
2013-09-12
|
||||||
|
- (api change) Router interface simplified
|
||||||
|
- Implemented CurlyRouter, a Router that does not use|allow regular expressions in paths
|
||||||
|
|
||||||
|
2013-08-05
|
||||||
|
- add OPTIONS support
|
||||||
|
- add CORS support
|
||||||
|
|
||||||
|
2013-08-27
|
||||||
|
- fixed some reported issues (see github)
|
||||||
|
- (api change) deprecated use of WriteError; use WriteErrorString instead
|
||||||
|
|
||||||
|
2014-04-15
|
||||||
|
- (fix) v1.0.1 tag: fix Issue 111: WriteErrorString
|
||||||
|
|
||||||
|
2013-08-08
|
||||||
|
- (api add) Added implementation Container: a WebServices collection with its own http.ServeMux allowing multiple endpoints per program. Existing uses of go-restful will register their services to the DefaultContainer.
|
||||||
|
- (api add) the swagger package has be extended to have a UI per container.
|
||||||
|
- if panic is detected then a small stack trace is printed (thanks to runner-mei)
|
||||||
|
- (api add) WriteErrorString to Response
|
||||||
|
|
||||||
|
Important API changes:
|
||||||
|
|
||||||
|
- (api remove) package variable DoNotRecover no longer works ; use restful.DefaultContainer.DoNotRecover(true) instead.
|
||||||
|
- (api remove) package variable EnableContentEncoding no longer works ; use restful.DefaultContainer.EnableContentEncoding(true) instead.
|
||||||
|
|
||||||
|
|
||||||
|
2013-07-06
|
||||||
|
|
||||||
|
- (api add) Added support for response encoding (gzip and deflate(zlib)). This feature is disabled on default (for backwards compatibility). Use restful.EnableContentEncoding = true in your initialization to enable this feature.
|
||||||
|
|
||||||
|
2013-06-19
|
||||||
|
|
||||||
|
- (improve) DoNotRecover option, moved request body closer, improved ReadEntity
|
||||||
|
|
||||||
|
2013-06-03
|
||||||
|
|
||||||
|
- (api change) removed Dispatcher interface, hide PathExpression
|
||||||
|
- changed receiver names of type functions to be more idiomatic Go
|
||||||
|
|
||||||
|
2013-06-02
|
||||||
|
|
||||||
|
- (optimize) Cache the RegExp compilation of Paths.
|
||||||
|
|
||||||
|
2013-05-22
|
||||||
|
|
||||||
|
- (api add) Added support for request/response filter functions
|
||||||
|
|
||||||
|
2013-05-18
|
||||||
|
|
||||||
|
|
||||||
|
- (api add) Added feature to change the default Http Request Dispatch function (travis cline)
|
||||||
|
- (api change) Moved Swagger Webservice to swagger package (see example restful-user)
|
||||||
|
|
||||||
|
[2012-11-14 .. 2013-05-18>
|
||||||
|
|
||||||
|
- See https://github.com/emicklei/go-restful/commits
|
||||||
|
|
||||||
|
2012-11-14
|
||||||
|
|
||||||
|
- Initial commit
|
||||||
|
|
||||||
|
|
22
vendor/github.com/emicklei/go-restful/LICENSE
generated
vendored
Normal file
22
vendor/github.com/emicklei/go-restful/LICENSE
generated
vendored
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
Copyright (c) 2012,2013 Ernest Micklei
|
||||||
|
|
||||||
|
MIT License
|
||||||
|
|
||||||
|
Permission is hereby granted, free of charge, to any person obtaining
|
||||||
|
a copy of this software and associated documentation files (the
|
||||||
|
"Software"), to deal in the Software without restriction, including
|
||||||
|
without limitation the rights to use, copy, modify, merge, publish,
|
||||||
|
distribute, sublicense, and/or sell copies of the Software, and to
|
||||||
|
permit persons to whom the Software is furnished to do so, subject to
|
||||||
|
the following conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice shall be
|
||||||
|
included in all copies or substantial portions of the Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||||
|
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||||
|
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
||||||
|
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
||||||
|
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
||||||
|
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
||||||
|
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
1
vendor/github.com/emicklei/go-restful/Srcfile
generated
vendored
Normal file
1
vendor/github.com/emicklei/go-restful/Srcfile
generated
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
{"SkipDirs": ["examples"]}
|
123
vendor/github.com/emicklei/go-restful/compress.go
generated
vendored
Normal file
123
vendor/github.com/emicklei/go-restful/compress.go
generated
vendored
Normal file
|
@ -0,0 +1,123 @@
|
||||||
|
package restful
|
||||||
|
|
||||||
|
// Copyright 2013 Ernest Micklei. All rights reserved.
|
||||||
|
// Use of this source code is governed by a license
|
||||||
|
// that can be found in the LICENSE file.
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bufio"
|
||||||
|
"compress/gzip"
|
||||||
|
"compress/zlib"
|
||||||
|
"errors"
|
||||||
|
"io"
|
||||||
|
"net"
|
||||||
|
"net/http"
|
||||||
|
"strings"
|
||||||
|
)
|
||||||
|
|
||||||
|
// OBSOLETE : use restful.DefaultContainer.EnableContentEncoding(true) to change this setting.
|
||||||
|
var EnableContentEncoding = false
|
||||||
|
|
||||||
|
// CompressingResponseWriter is a http.ResponseWriter that can perform content encoding (gzip and zlib)
|
||||||
|
type CompressingResponseWriter struct {
|
||||||
|
writer http.ResponseWriter
|
||||||
|
compressor io.WriteCloser
|
||||||
|
encoding string
|
||||||
|
}
|
||||||
|
|
||||||
|
// Header is part of http.ResponseWriter interface
|
||||||
|
func (c *CompressingResponseWriter) Header() http.Header {
|
||||||
|
return c.writer.Header()
|
||||||
|
}
|
||||||
|
|
||||||
|
// WriteHeader is part of http.ResponseWriter interface
|
||||||
|
func (c *CompressingResponseWriter) WriteHeader(status int) {
|
||||||
|
c.writer.WriteHeader(status)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Write is part of http.ResponseWriter interface
|
||||||
|
// It is passed through the compressor
|
||||||
|
func (c *CompressingResponseWriter) Write(bytes []byte) (int, error) {
|
||||||
|
if c.isCompressorClosed() {
|
||||||
|
return -1, errors.New("Compressing error: tried to write data using closed compressor")
|
||||||
|
}
|
||||||
|
return c.compressor.Write(bytes)
|
||||||
|
}
|
||||||
|
|
||||||
|
// CloseNotify is part of http.CloseNotifier interface
|
||||||
|
func (c *CompressingResponseWriter) CloseNotify() <-chan bool {
|
||||||
|
return c.writer.(http.CloseNotifier).CloseNotify()
|
||||||
|
}
|
||||||
|
|
||||||
|
// Close the underlying compressor
|
||||||
|
func (c *CompressingResponseWriter) Close() error {
|
||||||
|
if c.isCompressorClosed() {
|
||||||
|
return errors.New("Compressing error: tried to close already closed compressor")
|
||||||
|
}
|
||||||
|
|
||||||
|
c.compressor.Close()
|
||||||
|
if ENCODING_GZIP == c.encoding {
|
||||||
|
currentCompressorProvider.ReleaseGzipWriter(c.compressor.(*gzip.Writer))
|
||||||
|
}
|
||||||
|
if ENCODING_DEFLATE == c.encoding {
|
||||||
|
currentCompressorProvider.ReleaseZlibWriter(c.compressor.(*zlib.Writer))
|
||||||
|
}
|
||||||
|
// gc hint needed?
|
||||||
|
c.compressor = nil
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *CompressingResponseWriter) isCompressorClosed() bool {
|
||||||
|
return nil == c.compressor
|
||||||
|
}
|
||||||
|
|
||||||
|
// Hijack implements the Hijacker interface
|
||||||
|
// This is especially useful when combining Container.EnabledContentEncoding
|
||||||
|
// in combination with websockets (for instance gorilla/websocket)
|
||||||
|
func (c *CompressingResponseWriter) Hijack() (net.Conn, *bufio.ReadWriter, error) {
|
||||||
|
hijacker, ok := c.writer.(http.Hijacker)
|
||||||
|
if !ok {
|
||||||
|
return nil, nil, errors.New("ResponseWriter doesn't support Hijacker interface")
|
||||||
|
}
|
||||||
|
return hijacker.Hijack()
|
||||||
|
}
|
||||||
|
|
||||||
|
// WantsCompressedResponse reads the Accept-Encoding header to see if and which encoding is requested.
|
||||||
|
func wantsCompressedResponse(httpRequest *http.Request) (bool, string) {
|
||||||
|
header := httpRequest.Header.Get(HEADER_AcceptEncoding)
|
||||||
|
gi := strings.Index(header, ENCODING_GZIP)
|
||||||
|
zi := strings.Index(header, ENCODING_DEFLATE)
|
||||||
|
// use in order of appearance
|
||||||
|
if gi == -1 {
|
||||||
|
return zi != -1, ENCODING_DEFLATE
|
||||||
|
} else if zi == -1 {
|
||||||
|
return gi != -1, ENCODING_GZIP
|
||||||
|
} else {
|
||||||
|
if gi < zi {
|
||||||
|
return true, ENCODING_GZIP
|
||||||
|
}
|
||||||
|
return true, ENCODING_DEFLATE
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewCompressingResponseWriter create a CompressingResponseWriter for a known encoding = {gzip,deflate}
|
||||||
|
func NewCompressingResponseWriter(httpWriter http.ResponseWriter, encoding string) (*CompressingResponseWriter, error) {
|
||||||
|
httpWriter.Header().Set(HEADER_ContentEncoding, encoding)
|
||||||
|
c := new(CompressingResponseWriter)
|
||||||
|
c.writer = httpWriter
|
||||||
|
var err error
|
||||||
|
if ENCODING_GZIP == encoding {
|
||||||
|
w := currentCompressorProvider.AcquireGzipWriter()
|
||||||
|
w.Reset(httpWriter)
|
||||||
|
c.compressor = w
|
||||||
|
c.encoding = ENCODING_GZIP
|
||||||
|
} else if ENCODING_DEFLATE == encoding {
|
||||||
|
w := currentCompressorProvider.AcquireZlibWriter()
|
||||||
|
w.Reset(httpWriter)
|
||||||
|
c.compressor = w
|
||||||
|
c.encoding = ENCODING_DEFLATE
|
||||||
|
} else {
|
||||||
|
return nil, errors.New("Unknown encoding:" + encoding)
|
||||||
|
}
|
||||||
|
return c, err
|
||||||
|
}
|
103
vendor/github.com/emicklei/go-restful/compressor_cache.go
generated
vendored
Normal file
103
vendor/github.com/emicklei/go-restful/compressor_cache.go
generated
vendored
Normal file
|
@ -0,0 +1,103 @@
|
||||||
|
package restful
|
||||||
|
|
||||||
|
// Copyright 2015 Ernest Micklei. All rights reserved.
|
||||||
|
// Use of this source code is governed by a license
|
||||||
|
// that can be found in the LICENSE file.
|
||||||
|
|
||||||
|
import (
|
||||||
|
"compress/gzip"
|
||||||
|
"compress/zlib"
|
||||||
|
)
|
||||||
|
|
||||||
|
// BoundedCachedCompressors is a CompressorProvider that uses a cache with a fixed amount
|
||||||
|
// of writers and readers (resources).
|
||||||
|
// If a new resource is acquired and all are in use, it will return a new unmanaged resource.
|
||||||
|
type BoundedCachedCompressors struct {
|
||||||
|
gzipWriters chan *gzip.Writer
|
||||||
|
gzipReaders chan *gzip.Reader
|
||||||
|
zlibWriters chan *zlib.Writer
|
||||||
|
writersCapacity int
|
||||||
|
readersCapacity int
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewBoundedCachedCompressors returns a new, with filled cache, BoundedCachedCompressors.
|
||||||
|
func NewBoundedCachedCompressors(writersCapacity, readersCapacity int) *BoundedCachedCompressors {
|
||||||
|
b := &BoundedCachedCompressors{
|
||||||
|
gzipWriters: make(chan *gzip.Writer, writersCapacity),
|
||||||
|
gzipReaders: make(chan *gzip.Reader, readersCapacity),
|
||||||
|
zlibWriters: make(chan *zlib.Writer, writersCapacity),
|
||||||
|
writersCapacity: writersCapacity,
|
||||||
|
readersCapacity: readersCapacity,
|
||||||
|
}
|
||||||
|
for ix := 0; ix < writersCapacity; ix++ {
|
||||||
|
b.gzipWriters <- newGzipWriter()
|
||||||
|
b.zlibWriters <- newZlibWriter()
|
||||||
|
}
|
||||||
|
for ix := 0; ix < readersCapacity; ix++ {
|
||||||
|
b.gzipReaders <- newGzipReader()
|
||||||
|
}
|
||||||
|
return b
|
||||||
|
}
|
||||||
|
|
||||||
|
// AcquireGzipWriter returns an resettable *gzip.Writer. Needs to be released.
|
||||||
|
func (b *BoundedCachedCompressors) AcquireGzipWriter() *gzip.Writer {
|
||||||
|
var writer *gzip.Writer
|
||||||
|
select {
|
||||||
|
case writer, _ = <-b.gzipWriters:
|
||||||
|
default:
|
||||||
|
// return a new unmanaged one
|
||||||
|
writer = newGzipWriter()
|
||||||
|
}
|
||||||
|
return writer
|
||||||
|
}
|
||||||
|
|
||||||
|
// ReleaseGzipWriter accepts a writer (does not have to be one that was cached)
|
||||||
|
// only when the cache has room for it. It will ignore it otherwise.
|
||||||
|
func (b *BoundedCachedCompressors) ReleaseGzipWriter(w *gzip.Writer) {
|
||||||
|
// forget the unmanaged ones
|
||||||
|
if len(b.gzipWriters) < b.writersCapacity {
|
||||||
|
b.gzipWriters <- w
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// AcquireGzipReader returns a *gzip.Reader. Needs to be released.
|
||||||
|
func (b *BoundedCachedCompressors) AcquireGzipReader() *gzip.Reader {
|
||||||
|
var reader *gzip.Reader
|
||||||
|
select {
|
||||||
|
case reader, _ = <-b.gzipReaders:
|
||||||
|
default:
|
||||||
|
// return a new unmanaged one
|
||||||
|
reader = newGzipReader()
|
||||||
|
}
|
||||||
|
return reader
|
||||||
|
}
|
||||||
|
|
||||||
|
// ReleaseGzipReader accepts a reader (does not have to be one that was cached)
|
||||||
|
// only when the cache has room for it. It will ignore it otherwise.
|
||||||
|
func (b *BoundedCachedCompressors) ReleaseGzipReader(r *gzip.Reader) {
|
||||||
|
// forget the unmanaged ones
|
||||||
|
if len(b.gzipReaders) < b.readersCapacity {
|
||||||
|
b.gzipReaders <- r
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// AcquireZlibWriter returns an resettable *zlib.Writer. Needs to be released.
|
||||||
|
func (b *BoundedCachedCompressors) AcquireZlibWriter() *zlib.Writer {
|
||||||
|
var writer *zlib.Writer
|
||||||
|
select {
|
||||||
|
case writer, _ = <-b.zlibWriters:
|
||||||
|
default:
|
||||||
|
// return a new unmanaged one
|
||||||
|
writer = newZlibWriter()
|
||||||
|
}
|
||||||
|
return writer
|
||||||
|
}
|
||||||
|
|
||||||
|
// ReleaseZlibWriter accepts a writer (does not have to be one that was cached)
|
||||||
|
// only when the cache has room for it. It will ignore it otherwise.
|
||||||
|
func (b *BoundedCachedCompressors) ReleaseZlibWriter(w *zlib.Writer) {
|
||||||
|
// forget the unmanaged ones
|
||||||
|
if len(b.zlibWriters) < b.writersCapacity {
|
||||||
|
b.zlibWriters <- w
|
||||||
|
}
|
||||||
|
}
|
91
vendor/github.com/emicklei/go-restful/compressor_pools.go
generated
vendored
Normal file
91
vendor/github.com/emicklei/go-restful/compressor_pools.go
generated
vendored
Normal file
|
@ -0,0 +1,91 @@
|
||||||
|
package restful
|
||||||
|
|
||||||
|
// Copyright 2015 Ernest Micklei. All rights reserved.
|
||||||
|
// Use of this source code is governed by a license
|
||||||
|
// that can be found in the LICENSE file.
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"compress/gzip"
|
||||||
|
"compress/zlib"
|
||||||
|
"sync"
|
||||||
|
)
|
||||||
|
|
||||||
|
// SyncPoolCompessors is a CompressorProvider that use the standard sync.Pool.
|
||||||
|
type SyncPoolCompessors struct {
|
||||||
|
GzipWriterPool *sync.Pool
|
||||||
|
GzipReaderPool *sync.Pool
|
||||||
|
ZlibWriterPool *sync.Pool
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewSyncPoolCompessors returns a new ("empty") SyncPoolCompessors.
|
||||||
|
func NewSyncPoolCompessors() *SyncPoolCompessors {
|
||||||
|
return &SyncPoolCompessors{
|
||||||
|
GzipWriterPool: &sync.Pool{
|
||||||
|
New: func() interface{} { return newGzipWriter() },
|
||||||
|
},
|
||||||
|
GzipReaderPool: &sync.Pool{
|
||||||
|
New: func() interface{} { return newGzipReader() },
|
||||||
|
},
|
||||||
|
ZlibWriterPool: &sync.Pool{
|
||||||
|
New: func() interface{} { return newZlibWriter() },
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *SyncPoolCompessors) AcquireGzipWriter() *gzip.Writer {
|
||||||
|
return s.GzipWriterPool.Get().(*gzip.Writer)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *SyncPoolCompessors) ReleaseGzipWriter(w *gzip.Writer) {
|
||||||
|
s.GzipWriterPool.Put(w)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *SyncPoolCompessors) AcquireGzipReader() *gzip.Reader {
|
||||||
|
return s.GzipReaderPool.Get().(*gzip.Reader)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *SyncPoolCompessors) ReleaseGzipReader(r *gzip.Reader) {
|
||||||
|
s.GzipReaderPool.Put(r)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *SyncPoolCompessors) AcquireZlibWriter() *zlib.Writer {
|
||||||
|
return s.ZlibWriterPool.Get().(*zlib.Writer)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *SyncPoolCompessors) ReleaseZlibWriter(w *zlib.Writer) {
|
||||||
|
s.ZlibWriterPool.Put(w)
|
||||||
|
}
|
||||||
|
|
||||||
|
func newGzipWriter() *gzip.Writer {
|
||||||
|
// create with an empty bytes writer; it will be replaced before using the gzipWriter
|
||||||
|
writer, err := gzip.NewWriterLevel(new(bytes.Buffer), gzip.BestSpeed)
|
||||||
|
if err != nil {
|
||||||
|
panic(err.Error())
|
||||||
|
}
|
||||||
|
return writer
|
||||||
|
}
|
||||||
|
|
||||||
|
func newGzipReader() *gzip.Reader {
|
||||||
|
// create with an empty reader (but with GZIP header); it will be replaced before using the gzipReader
|
||||||
|
// we can safely use currentCompressProvider because it is set on package initialization.
|
||||||
|
w := currentCompressorProvider.AcquireGzipWriter()
|
||||||
|
defer currentCompressorProvider.ReleaseGzipWriter(w)
|
||||||
|
b := new(bytes.Buffer)
|
||||||
|
w.Reset(b)
|
||||||
|
w.Flush()
|
||||||
|
w.Close()
|
||||||
|
reader, err := gzip.NewReader(bytes.NewReader(b.Bytes()))
|
||||||
|
if err != nil {
|
||||||
|
panic(err.Error())
|
||||||
|
}
|
||||||
|
return reader
|
||||||
|
}
|
||||||
|
|
||||||
|
func newZlibWriter() *zlib.Writer {
|
||||||
|
writer, err := zlib.NewWriterLevel(new(bytes.Buffer), gzip.BestSpeed)
|
||||||
|
if err != nil {
|
||||||
|
panic(err.Error())
|
||||||
|
}
|
||||||
|
return writer
|
||||||
|
}
|
53
vendor/github.com/emicklei/go-restful/compressors.go
generated
vendored
Normal file
53
vendor/github.com/emicklei/go-restful/compressors.go
generated
vendored
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
package restful
|
||||||
|
|
||||||
|
// Copyright 2015 Ernest Micklei. All rights reserved.
|
||||||
|
// Use of this source code is governed by a license
|
||||||
|
// that can be found in the LICENSE file.
|
||||||
|
|
||||||
|
import (
|
||||||
|
"compress/gzip"
|
||||||
|
"compress/zlib"
|
||||||
|
)
|
||||||
|
|
||||||
|
type CompressorProvider interface {
|
||||||
|
// Returns a *gzip.Writer which needs to be released later.
|
||||||
|
// Before using it, call Reset().
|
||||||
|
AcquireGzipWriter() *gzip.Writer
|
||||||
|
|
||||||
|
// Releases an aqcuired *gzip.Writer.
|
||||||
|
ReleaseGzipWriter(w *gzip.Writer)
|
||||||
|
|
||||||
|
// Returns a *gzip.Reader which needs to be released later.
|
||||||
|
AcquireGzipReader() *gzip.Reader
|
||||||
|
|
||||||
|
// Releases an aqcuired *gzip.Reader.
|
||||||
|
ReleaseGzipReader(w *gzip.Reader)
|
||||||
|
|
||||||
|
// Returns a *zlib.Writer which needs to be released later.
|
||||||
|
// Before using it, call Reset().
|
||||||
|
AcquireZlibWriter() *zlib.Writer
|
||||||
|
|
||||||
|
// Releases an aqcuired *zlib.Writer.
|
||||||
|
ReleaseZlibWriter(w *zlib.Writer)
|
||||||
|
}
|
||||||
|
|
||||||
|
// DefaultCompressorProvider is the actual provider of compressors (zlib or gzip).
|
||||||
|
var currentCompressorProvider CompressorProvider
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
currentCompressorProvider = NewSyncPoolCompessors()
|
||||||
|
}
|
||||||
|
|
||||||
|
// CurrentCompressorProvider returns the current CompressorProvider.
|
||||||
|
// It is initialized using a SyncPoolCompessors.
|
||||||
|
func CurrentCompressorProvider() CompressorProvider {
|
||||||
|
return currentCompressorProvider
|
||||||
|
}
|
||||||
|
|
||||||
|
// CompressorProvider sets the actual provider of compressors (zlib or gzip).
|
||||||
|
func SetCompressorProvider(p CompressorProvider) {
|
||||||
|
if p == nil {
|
||||||
|
panic("cannot set compressor provider to nil")
|
||||||
|
}
|
||||||
|
currentCompressorProvider = p
|
||||||
|
}
|
30
vendor/github.com/emicklei/go-restful/constants.go
generated
vendored
Normal file
30
vendor/github.com/emicklei/go-restful/constants.go
generated
vendored
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
package restful
|
||||||
|
|
||||||
|
// Copyright 2013 Ernest Micklei. All rights reserved.
|
||||||
|
// Use of this source code is governed by a license
|
||||||
|
// that can be found in the LICENSE file.
|
||||||
|
|
||||||
|
const (
|
||||||
|
MIME_XML = "application/xml" // Accept or Content-Type used in Consumes() and/or Produces()
|
||||||
|
MIME_JSON = "application/json" // Accept or Content-Type used in Consumes() and/or Produces()
|
||||||
|
MIME_OCTET = "application/octet-stream" // If Content-Type is not present in request, use the default
|
||||||
|
|
||||||
|
HEADER_Allow = "Allow"
|
||||||
|
HEADER_Accept = "Accept"
|
||||||
|
HEADER_Origin = "Origin"
|
||||||
|
HEADER_ContentType = "Content-Type"
|
||||||
|
HEADER_LastModified = "Last-Modified"
|
||||||
|
HEADER_AcceptEncoding = "Accept-Encoding"
|
||||||
|
HEADER_ContentEncoding = "Content-Encoding"
|
||||||
|
HEADER_AccessControlExposeHeaders = "Access-Control-Expose-Headers"
|
||||||
|
HEADER_AccessControlRequestMethod = "Access-Control-Request-Method"
|
||||||
|
HEADER_AccessControlRequestHeaders = "Access-Control-Request-Headers"
|
||||||
|
HEADER_AccessControlAllowMethods = "Access-Control-Allow-Methods"
|
||||||
|
HEADER_AccessControlAllowOrigin = "Access-Control-Allow-Origin"
|
||||||
|
HEADER_AccessControlAllowCredentials = "Access-Control-Allow-Credentials"
|
||||||
|
HEADER_AccessControlAllowHeaders = "Access-Control-Allow-Headers"
|
||||||
|
HEADER_AccessControlMaxAge = "Access-Control-Max-Age"
|
||||||
|
|
||||||
|
ENCODING_GZIP = "gzip"
|
||||||
|
ENCODING_DEFLATE = "deflate"
|
||||||
|
)
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue