forked from snapcore/snapd
/
client.go
392 lines (339 loc) · 10.1 KB
/
client.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
// -*- Mode: Go; indent-tabs-mode: t -*-
/*
* Copyright (C) 2015-2016 Canonical Ltd
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 3 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
package client
import (
"bytes"
"encoding/json"
"fmt"
"io"
"io/ioutil"
"net"
"net/http"
"net/url"
"os"
"path"
"syscall"
"time"
"github.com/snapcore/snapd/dirs"
)
func unixDialer() func(string, string) (net.Conn, error) {
// We have two sockets available: the SnapdSocket (which provides
// administrative access), and the SnapSocket (which doesn't). Use the most
// powerful one available (e.g. from within snaps, SnapdSocket is hidden by
// apparmor unless the snap has the snapd-control interface).
socketPath := dirs.SnapdSocket
file, err := os.OpenFile(socketPath, os.O_RDWR, 0666)
if err == nil {
file.Close()
} else if e, ok := err.(*os.PathError); ok && (e.Err == syscall.ENOENT || e.Err == syscall.EACCES) {
socketPath = dirs.SnapSocket
}
return func(_, _ string) (net.Conn, error) {
return net.Dial("unix", socketPath)
}
}
type doer interface {
Do(*http.Request) (*http.Response, error)
}
// Config allows to customize client behavior.
type Config struct {
// BaseURL contains the base URL where snappy daemon is expected to be.
// It can be empty for a default behavior of talking over a unix socket.
BaseURL string
}
// A Client knows how to talk to the snappy daemon.
type Client struct {
baseURL url.URL
doer doer
}
// New returns a new instance of Client
func New(config *Config) *Client {
// By default talk over an UNIX socket.
if config == nil || config.BaseURL == "" {
return &Client{
baseURL: url.URL{
Scheme: "http",
Host: "localhost",
},
doer: &http.Client{
Transport: &http.Transport{Dial: unixDialer()},
},
}
}
baseURL, err := url.Parse(config.BaseURL)
if err != nil {
panic(fmt.Sprintf("cannot parse server base URL: %q (%v)", config.BaseURL, err))
}
return &Client{
baseURL: *baseURL,
doer: &http.Client{},
}
}
func (client *Client) setAuthorization(req *http.Request) error {
user, err := readAuthData()
if os.IsNotExist(err) {
return nil
}
if err != nil {
return err
}
var buf bytes.Buffer
fmt.Fprintf(&buf, `Macaroon root="%s"`, user.Macaroon)
for _, discharge := range user.Discharges {
fmt.Fprintf(&buf, `, discharge="%s"`, discharge)
}
req.Header.Set("Authorization", buf.String())
return nil
}
// raw performs a request and returns the resulting http.Response and
// error you usually only need to call this directly if you expect the
// response to not be JSON, otherwise you'd call Do(...) instead.
func (client *Client) raw(method, urlpath string, query url.Values, headers map[string]string, body io.Reader) (*http.Response, error) {
// fake a url to keep http.Client happy
u := client.baseURL
u.Path = path.Join(client.baseURL.Path, urlpath)
u.RawQuery = query.Encode()
req, err := http.NewRequest(method, u.String(), body)
if err != nil {
return nil, err
}
for key, value := range headers {
req.Header.Set(key, value)
}
// set Authorization header if there are user's credentials
err = client.setAuthorization(req)
if err != nil {
return nil, err
}
return client.doer.Do(req)
}
var (
doRetry = 250 * time.Millisecond
doTimeout = 5 * time.Second
)
// MockDoRetry mocks the delays used by the do retry loop.
func MockDoRetry(retry, timeout time.Duration) (restore func()) {
oldRetry := doRetry
oldTimeout := doTimeout
doRetry = retry
doTimeout = timeout
return func() {
doRetry = oldRetry
doTimeout = oldTimeout
}
}
// do performs a request and decodes the resulting json into the given
// value. It's low-level, for testing/experimenting only; you should
// usually use a higher level interface that builds on this.
func (client *Client) do(method, path string, query url.Values, headers map[string]string, body io.Reader, v interface{}) error {
retry := time.NewTicker(doRetry)
defer retry.Stop()
timeout := time.After(doTimeout)
var rsp *http.Response
var err error
for {
rsp, err = client.raw(method, path, query, headers, body)
if err == nil || method != "GET" {
break
}
select {
case <-retry.C:
continue
case <-timeout:
}
break
}
if err != nil {
return fmt.Errorf("cannot communicate with server: %s", err)
}
defer rsp.Body.Close()
if v != nil {
dec := json.NewDecoder(rsp.Body)
if err := dec.Decode(v); err != nil {
r := dec.Buffered()
buf, err1 := ioutil.ReadAll(r)
if err1 != nil {
buf = []byte(fmt.Sprintf("error reading buffered response body: %s", err1))
}
return fmt.Errorf("cannot decode %q: %s", buf, err)
}
}
return nil
}
// doSync performs a request to the given path using the specified HTTP method.
// It expects a "sync" response from the API and on success decodes the JSON
// response payload into the given value.
func (client *Client) doSync(method, path string, query url.Values, headers map[string]string, body io.Reader, v interface{}) (*ResultInfo, error) {
var rsp response
if err := client.do(method, path, query, headers, body, &rsp); err != nil {
return nil, err
}
if err := rsp.err(); err != nil {
return nil, err
}
if rsp.Type != "sync" {
return nil, fmt.Errorf("expected sync response, got %q", rsp.Type)
}
if v != nil {
if err := json.Unmarshal(rsp.Result, v); err != nil {
return nil, fmt.Errorf("cannot unmarshal: %v", err)
}
}
return &rsp.ResultInfo, nil
}
func (client *Client) doAsync(method, path string, query url.Values, headers map[string]string, body io.Reader) (changeID string, err error) {
var rsp response
if err := client.do(method, path, query, headers, body, &rsp); err != nil {
return "", err
}
if err := rsp.err(); err != nil {
return "", err
}
if rsp.Type != "async" {
return "", fmt.Errorf("expected async response for %q on %q, got %q", method, path, rsp.Type)
}
if rsp.StatusCode != http.StatusAccepted {
return "", fmt.Errorf("operation not accepted")
}
if rsp.Change == "" {
return "", fmt.Errorf("async response without change reference")
}
return rsp.Change, nil
}
type ServerVersion struct {
Version string
Series string
OSID string
OSVersionID string
OnClassic bool
}
func (client *Client) ServerVersion() (*ServerVersion, error) {
sysInfo, err := client.SysInfo()
if err != nil {
return nil, err
}
return &ServerVersion{
Version: sysInfo.Version,
Series: sysInfo.Series,
OSID: sysInfo.OSRelease.ID,
OSVersionID: sysInfo.OSRelease.VersionID,
OnClassic: sysInfo.OnClassic,
}, nil
}
// A response produced by the REST API will usually fit in this
// (exceptions are the icons/ endpoints obvs)
type response struct {
Result json.RawMessage `json:"result"`
Status string `json:"status"`
StatusCode int `json:"status-code"`
Type string `json:"type"`
Change string `json:"change"`
ResultInfo
}
// Error is the real value of response.Result when an error occurs.
type Error struct {
Kind string `json:"kind"`
Message string `json:"message"`
StatusCode int
}
func (e *Error) Error() string {
return e.Message
}
const (
ErrorKindTwoFactorRequired = "two-factor-required"
ErrorKindTwoFactorFailed = "two-factor-failed"
ErrorKindLoginRequired = "login-required"
)
// IsTwoFactorError returns whether the given error is due to problems
// in two-factor authentication.
func IsTwoFactorError(err error) bool {
e, ok := err.(*Error)
if !ok || e == nil {
return false
}
return e.Kind == ErrorKindTwoFactorFailed || e.Kind == ErrorKindTwoFactorRequired
}
// OSRelease contains information about the system extracted from /etc/os-release.
type OSRelease struct {
ID string `json:"id"`
VersionID string `json:"version-id,omitempty"`
}
// SysInfo holds system information
type SysInfo struct {
Series string `json:"series,omitempty"`
Version string `json:"version,omitempty"`
OSRelease OSRelease `json:"os-release"`
OnClassic bool `json:"on-classic"`
}
func (rsp *response) err() error {
if rsp.Type != "error" {
return nil
}
var resultErr Error
err := json.Unmarshal(rsp.Result, &resultErr)
if err != nil || resultErr.Message == "" {
return fmt.Errorf("server error: %q", rsp.Status)
}
resultErr.StatusCode = rsp.StatusCode
return &resultErr
}
func parseError(r *http.Response) error {
var rsp response
if r.Header.Get("Content-Type") != "application/json" {
return fmt.Errorf("server error: %q", r.Status)
}
dec := json.NewDecoder(r.Body)
if err := dec.Decode(&rsp); err != nil {
return fmt.Errorf("cannot unmarshal error: %v", err)
}
err := rsp.err()
if err == nil {
return fmt.Errorf("server error: %q", r.Status)
}
return err
}
// SysInfo gets system information from the REST API.
func (client *Client) SysInfo() (*SysInfo, error) {
var sysInfo SysInfo
if _, err := client.doSync("GET", "/v2/system-info", nil, nil, nil, &sysInfo); err != nil {
return nil, fmt.Errorf("bad sysinfo result: %v", err)
}
return &sysInfo, nil
}
// CreateUserResult holds the result of a user creation
type CreateUserResult struct {
Username string `json:"username"`
SSHKeyCount int `json:"ssh-key-count"`
}
// createUserRequest holds the user creation request
type CreateUserRequest struct {
Email string `json:"email"`
Sudoer bool `json:"sudoer"`
}
// CreateUser creates a user from the given mail address
func (client *Client) CreateUser(request *CreateUserRequest) (*CreateUserResult, error) {
var createResult CreateUserResult
b, err := json.Marshal(request)
if err != nil {
return nil, err
}
if _, err := client.doSync("POST", "/v2/create-user", nil, nil, bytes.NewReader(b), &createResult); err != nil {
return nil, fmt.Errorf("bad user result: %v", err)
}
return &createResult, nil
}