forked from snapcore/snapd
/
client.go
716 lines (604 loc) · 19.7 KB
/
client.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
// -*- Mode: Go; indent-tabs-mode: t -*-
/*
* Copyright (C) 2015-2018 Canonical Ltd
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 3 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
package client
import (
"bytes"
"encoding/json"
"fmt"
"io"
"io/ioutil"
"net"
"net/http"
"net/url"
"os"
"path"
"time"
"github.com/snapcore/snapd/dirs"
"github.com/snapcore/snapd/jsonutil"
)
func unixDialer(socketPath string) func(string, string) (net.Conn, error) {
if socketPath == "" {
socketPath = dirs.SnapdSocket
}
return func(_, _ string) (net.Conn, error) {
return net.Dial("unix", socketPath)
}
}
type doer interface {
Do(*http.Request) (*http.Response, error)
}
// Config allows to customize client behavior.
type Config struct {
// BaseURL contains the base URL where snappy daemon is expected to be.
// It can be empty for a default behavior of talking over a unix socket.
BaseURL string
// DisableAuth controls whether the client should send an
// Authorization header from reading the auth.json data.
DisableAuth bool
// Interactive controls whether the client runs in interactive mode.
// At present, this only affects whether interactive polkit
// authorisation is requested.
Interactive bool
// Socket is the path to the unix socket to use
Socket string
// DisableKeepAlive indicates whether the connections should not be kept
// alive for later reuse
DisableKeepAlive bool
// User-Agent to sent to the snapd daemon
UserAgent string
}
// A Client knows how to talk to the snappy daemon.
type Client struct {
baseURL url.URL
doer doer
disableAuth bool
interactive bool
maintenance error
warningCount int
warningTimestamp time.Time
userAgent string
}
// New returns a new instance of Client
func New(config *Config) *Client {
if config == nil {
config = &Config{}
}
// By default talk over an UNIX socket.
if config.BaseURL == "" {
transport := &http.Transport{Dial: unixDialer(config.Socket), DisableKeepAlives: config.DisableKeepAlive}
return &Client{
baseURL: url.URL{
Scheme: "http",
Host: "localhost",
},
doer: &http.Client{Transport: transport},
disableAuth: config.DisableAuth,
interactive: config.Interactive,
userAgent: config.UserAgent,
}
}
baseURL, err := url.Parse(config.BaseURL)
if err != nil {
panic(fmt.Sprintf("cannot parse server base URL: %q (%v)", config.BaseURL, err))
}
return &Client{
baseURL: *baseURL,
doer: &http.Client{Transport: &http.Transport{DisableKeepAlives: config.DisableKeepAlive}},
disableAuth: config.DisableAuth,
interactive: config.Interactive,
userAgent: config.UserAgent,
}
}
// Maintenance returns an error reflecting the daemon maintenance status or nil.
func (client *Client) Maintenance() error {
return client.maintenance
}
// WarningsSummary returns the number of warnings that are ready to be shown to
// the user, and the timestamp of the most recently added warning (useful for
// silencing the warning alerts, and OKing the returned warnings).
func (client *Client) WarningsSummary() (count int, timestamp time.Time) {
return client.warningCount, client.warningTimestamp
}
func (client *Client) WhoAmI() (string, error) {
user, err := readAuthData()
if os.IsNotExist(err) {
return "", nil
}
if err != nil {
return "", err
}
return user.Email, nil
}
func (client *Client) setAuthorization(req *http.Request) error {
user, err := readAuthData()
if os.IsNotExist(err) {
return nil
}
if err != nil {
return err
}
var buf bytes.Buffer
fmt.Fprintf(&buf, `Macaroon root="%s"`, user.Macaroon)
for _, discharge := range user.Discharges {
fmt.Fprintf(&buf, `, discharge="%s"`, discharge)
}
req.Header.Set("Authorization", buf.String())
return nil
}
type RequestError struct{ error }
func (e RequestError) Error() string {
return fmt.Sprintf("cannot build request: %v", e.error)
}
type AuthorizationError struct{ error }
func (e AuthorizationError) Error() string {
return fmt.Sprintf("cannot add authorization: %v", e.error)
}
type ConnectionError struct{ error }
func (e ConnectionError) Error() string {
return fmt.Sprintf("cannot communicate with server: %v", e.error)
}
// AllowInteractionHeader is the HTTP request header used to indicate
// that the client is willing to allow interaction.
const AllowInteractionHeader = "X-Allow-Interaction"
// raw performs a request and returns the resulting http.Response and
// error you usually only need to call this directly if you expect the
// response to not be JSON, otherwise you'd call Do(...) instead.
func (client *Client) raw(method, urlpath string, query url.Values, headers map[string]string, body io.Reader) (*http.Response, error) {
// fake a url to keep http.Client happy
u := client.baseURL
u.Path = path.Join(client.baseURL.Path, urlpath)
u.RawQuery = query.Encode()
req, err := http.NewRequest(method, u.String(), body)
if err != nil {
return nil, RequestError{err}
}
if client.userAgent != "" {
req.Header.Set("User-Agent", client.userAgent)
}
for key, value := range headers {
req.Header.Set(key, value)
}
if !client.disableAuth {
// set Authorization header if there are user's credentials
err = client.setAuthorization(req)
if err != nil {
return nil, AuthorizationError{err}
}
}
if client.interactive {
req.Header.Set(AllowInteractionHeader, "true")
}
rsp, err := client.doer.Do(req)
if err != nil {
return nil, ConnectionError{err}
}
return rsp, nil
}
var (
doRetry = 250 * time.Millisecond
doTimeout = 5 * time.Second
)
// MockDoRetry mocks the delays used by the do retry loop.
func MockDoRetry(retry, timeout time.Duration) (restore func()) {
oldRetry := doRetry
oldTimeout := doTimeout
doRetry = retry
doTimeout = timeout
return func() {
doRetry = oldRetry
doTimeout = oldTimeout
}
}
type hijacked struct {
do func(*http.Request) (*http.Response, error)
}
func (h hijacked) Do(req *http.Request) (*http.Response, error) {
return h.do(req)
}
// Hijack lets the caller take over the raw http request
func (client *Client) Hijack(f func(*http.Request) (*http.Response, error)) {
client.doer = hijacked{f}
}
// do performs a request and decodes the resulting json into the given
// value. It's low-level, for testing/experimenting only; you should
// usually use a higher level interface that builds on this.
func (client *Client) do(method, path string, query url.Values, headers map[string]string, body io.Reader, v interface{}) (statusCode int, err error) {
retry := time.NewTicker(doRetry)
defer retry.Stop()
timeout := time.After(doTimeout)
var rsp *http.Response
for {
rsp, err = client.raw(method, path, query, headers, body)
if err == nil || method != "GET" {
break
}
select {
case <-retry.C:
continue
case <-timeout:
}
break
}
if err != nil {
return 0, err
}
defer rsp.Body.Close()
if v != nil {
if err := decodeInto(rsp.Body, v); err != nil {
return rsp.StatusCode, err
}
}
return rsp.StatusCode, nil
}
func decodeInto(reader io.Reader, v interface{}) error {
dec := json.NewDecoder(reader)
if err := dec.Decode(v); err != nil {
r := dec.Buffered()
buf, err1 := ioutil.ReadAll(r)
if err1 != nil {
buf = []byte(fmt.Sprintf("error reading buffered response body: %s", err1))
}
return fmt.Errorf("cannot decode %q: %s", buf, err)
}
return nil
}
// doSync performs a request to the given path using the specified HTTP method.
// It expects a "sync" response from the API and on success decodes the JSON
// response payload into the given value using the "UseNumber" json decoding
// which produces json.Numbers instead of float64 types for numbers.
func (client *Client) doSync(method, path string, query url.Values, headers map[string]string, body io.Reader, v interface{}) (*ResultInfo, error) {
var rsp response
statusCode, err := client.do(method, path, query, headers, body, &rsp)
if err != nil {
return nil, err
}
if err := rsp.err(client, statusCode); err != nil {
return nil, err
}
if rsp.Type != "sync" {
return nil, fmt.Errorf("expected sync response, got %q", rsp.Type)
}
if v != nil {
if err := jsonutil.DecodeWithNumber(bytes.NewReader(rsp.Result), v); err != nil {
return nil, fmt.Errorf("cannot unmarshal: %v", err)
}
}
client.warningCount = rsp.WarningCount
client.warningTimestamp = rsp.WarningTimestamp
return &rsp.ResultInfo, nil
}
func (client *Client) doAsync(method, path string, query url.Values, headers map[string]string, body io.Reader) (changeID string, err error) {
_, changeID, err = client.doAsyncFull(method, path, query, headers, body)
return
}
func (client *Client) doAsyncFull(method, path string, query url.Values, headers map[string]string, body io.Reader) (result json.RawMessage, changeID string, err error) {
var rsp response
statusCode, err := client.do(method, path, query, headers, body, &rsp)
if err != nil {
return nil, "", err
}
if err := rsp.err(client, statusCode); err != nil {
return nil, "", err
}
if rsp.Type != "async" {
return nil, "", fmt.Errorf("expected async response for %q on %q, got %q", method, path, rsp.Type)
}
if statusCode != 202 {
return nil, "", fmt.Errorf("operation not accepted")
}
if rsp.Change == "" {
return nil, "", fmt.Errorf("async response without change reference")
}
return rsp.Result, rsp.Change, nil
}
type ServerVersion struct {
Version string
Series string
OSID string
OSVersionID string
OnClassic bool
KernelVersion string
}
func (client *Client) ServerVersion() (*ServerVersion, error) {
sysInfo, err := client.SysInfo()
if err != nil {
return nil, err
}
return &ServerVersion{
Version: sysInfo.Version,
Series: sysInfo.Series,
OSID: sysInfo.OSRelease.ID,
OSVersionID: sysInfo.OSRelease.VersionID,
OnClassic: sysInfo.OnClassic,
KernelVersion: sysInfo.KernelVersion,
}, nil
}
// A response produced by the REST API will usually fit in this
// (exceptions are the icons/ endpoints obvs)
type response struct {
Result json.RawMessage `json:"result"`
Type string `json:"type"`
Change string `json:"change"`
WarningCount int `json:"warning-count"`
WarningTimestamp time.Time `json:"warning-timestamp"`
ResultInfo
Maintenance *Error `json:"maintenance"`
}
// Error is the real value of response.Result when an error occurs.
type Error struct {
Kind string `json:"kind"`
Value interface{} `json:"value"`
Message string `json:"message"`
StatusCode int
}
func (e *Error) Error() string {
return e.Message
}
const (
ErrorKindTwoFactorRequired = "two-factor-required"
ErrorKindTwoFactorFailed = "two-factor-failed"
ErrorKindLoginRequired = "login-required"
ErrorKindInvalidAuthData = "invalid-auth-data"
ErrorKindTermsNotAccepted = "terms-not-accepted"
ErrorKindNoPaymentMethods = "no-payment-methods"
ErrorKindPaymentDeclined = "payment-declined"
ErrorKindPasswordPolicy = "password-policy"
ErrorKindSnapAlreadyInstalled = "snap-already-installed"
ErrorKindSnapNotInstalled = "snap-not-installed"
ErrorKindSnapNotFound = "snap-not-found"
ErrorKindAppNotFound = "app-not-found"
ErrorKindSnapLocal = "snap-local"
ErrorKindSnapNeedsDevMode = "snap-needs-devmode"
ErrorKindSnapNeedsClassic = "snap-needs-classic"
ErrorKindSnapNeedsClassicSystem = "snap-needs-classic-system"
ErrorKindSnapNotClassic = "snap-not-classic"
ErrorKindNoUpdateAvailable = "snap-no-update-available"
ErrorKindRevisionNotAvailable = "snap-revision-not-available"
ErrorKindChannelNotAvailable = "snap-channel-not-available"
ErrorKindArchitectureNotAvailable = "snap-architecture-not-available"
ErrorKindChangeConflict = "snap-change-conflict"
ErrorKindNotSnap = "snap-not-a-snap"
ErrorKindNetworkTimeout = "network-timeout"
ErrorKindDNSFailure = "dns-failure"
ErrorKindInterfacesUnchanged = "interfaces-unchanged"
ErrorKindBadQuery = "bad-query"
ErrorKindConfigNoSuchOption = "option-not-found"
ErrorKindSystemRestart = "system-restart"
ErrorKindDaemonRestart = "daemon-restart"
ErrorKindAssertionNotFound = "assertion-not-found"
)
// IsRetryable returns true if the given error is an error
// that can be retried later.
func IsRetryable(err error) bool {
switch e := err.(type) {
case *Error:
return e.Kind == ErrorKindChangeConflict
}
return false
}
// IsTwoFactorError returns whether the given error is due to problems
// in two-factor authentication.
func IsTwoFactorError(err error) bool {
e, ok := err.(*Error)
if !ok || e == nil {
return false
}
return e.Kind == ErrorKindTwoFactorFailed || e.Kind == ErrorKindTwoFactorRequired
}
// IsInterfacesUnchangedError returns whether the given error means the requested
// change to interfaces was not made, because there was nothing to do.
func IsInterfacesUnchangedError(err error) bool {
e, ok := err.(*Error)
if !ok || e == nil {
return false
}
return e.Kind == ErrorKindInterfacesUnchanged
}
// IsAssertionNotFoundError returns whether the given error means that the
// assertion wasn't found and thus the device isn't ready/seeded.
func IsAssertionNotFoundError(err error) bool {
e, ok := err.(*Error)
if !ok || e == nil {
return false
}
return e.Kind == ErrorKindAssertionNotFound
}
// OSRelease contains information about the system extracted from /etc/os-release.
type OSRelease struct {
ID string `json:"id"`
VersionID string `json:"version-id,omitempty"`
}
// RefreshInfo contains information about refreshes.
type RefreshInfo struct {
// Timer contains the refresh.timer setting.
Timer string `json:"timer,omitempty"`
// Schedule contains the legacy refresh.schedule setting.
Schedule string `json:"schedule,omitempty"`
Last string `json:"last,omitempty"`
Hold string `json:"hold,omitempty"`
Next string `json:"next,omitempty"`
}
// SysInfo holds system information
type SysInfo struct {
Series string `json:"series,omitempty"`
Version string `json:"version,omitempty"`
BuildID string `json:"build-id"`
OSRelease OSRelease `json:"os-release"`
OnClassic bool `json:"on-classic"`
Managed bool `json:"managed"`
KernelVersion string `json:"kernel-version,omitempty"`
Refresh RefreshInfo `json:"refresh,omitempty"`
Confinement string `json:"confinement"`
SandboxFeatures map[string][]string `json:"sandbox-features,omitempty"`
}
func (rsp *response) err(cli *Client, statusCode int) error {
if cli != nil {
maintErr := rsp.Maintenance
// avoid setting to (*client.Error)(nil)
if maintErr != nil {
cli.maintenance = maintErr
} else {
cli.maintenance = nil
}
}
if rsp.Type != "error" {
return nil
}
var resultErr Error
err := json.Unmarshal(rsp.Result, &resultErr)
if err != nil || resultErr.Message == "" {
return fmt.Errorf("server error: %q", http.StatusText(statusCode))
}
resultErr.StatusCode = statusCode
return &resultErr
}
func parseError(r *http.Response) error {
var rsp response
if r.Header.Get("Content-Type") != "application/json" {
return fmt.Errorf("server error: %q", r.Status)
}
dec := json.NewDecoder(r.Body)
if err := dec.Decode(&rsp); err != nil {
return fmt.Errorf("cannot unmarshal error: %v", err)
}
err := rsp.err(nil, r.StatusCode)
if err == nil {
return fmt.Errorf("server error: %q", r.Status)
}
return err
}
// SysInfo gets system information from the REST API.
func (client *Client) SysInfo() (*SysInfo, error) {
var sysInfo SysInfo
if _, err := client.doSync("GET", "/v2/system-info", nil, nil, nil, &sysInfo); err != nil {
return nil, fmt.Errorf("cannot obtain system details: %v", err)
}
return &sysInfo, nil
}
// CreateUserResult holds the result of a user creation.
type CreateUserResult struct {
Username string `json:"username"`
SSHKeys []string `json:"ssh-keys"`
}
// CreateUserOptions holds options for creating a local system user.
//
// If Known is false, the provided email is used to query the store for
// username and SSH key details.
//
// If Known is true, the user will be created by looking through existing
// system-user assertions and looking for a matching email. If Email is
// empty then all such assertions are considered and multiple users may
// be created.
type CreateUserOptions struct {
Email string `json:"email,omitempty"`
Sudoer bool `json:"sudoer,omitempty"`
Known bool `json:"known,omitempty"`
ForceManaged bool `json:"force-managed,omitempty"`
}
// CreateUser creates a local system user. See CreateUserOptions for details.
func (client *Client) CreateUser(options *CreateUserOptions) (*CreateUserResult, error) {
if options.Email == "" {
return nil, fmt.Errorf("cannot create a user without providing an email")
}
var result CreateUserResult
data, err := json.Marshal(options)
if err != nil {
return nil, err
}
if _, err := client.doSync("POST", "/v2/create-user", nil, nil, bytes.NewReader(data), &result); err != nil {
return nil, fmt.Errorf("while creating user: %v", err)
}
return &result, nil
}
// CreateUsers creates multiple local system users. See CreateUserOptions for details.
//
// Results may be provided even if there are errors.
func (client *Client) CreateUsers(options []*CreateUserOptions) ([]*CreateUserResult, error) {
for _, opts := range options {
if opts.Email == "" && !opts.Known {
return nil, fmt.Errorf("cannot create user from store details without an email to query for")
}
}
var results []*CreateUserResult
var errs []error
for _, opts := range options {
data, err := json.Marshal(opts)
if err != nil {
return nil, err
}
if opts.Email == "" {
var result []*CreateUserResult
if _, err := client.doSync("POST", "/v2/create-user", nil, nil, bytes.NewReader(data), &result); err != nil {
errs = append(errs, err)
} else {
results = append(results, result...)
}
} else {
var result *CreateUserResult
if _, err := client.doSync("POST", "/v2/create-user", nil, nil, bytes.NewReader(data), &result); err != nil {
errs = append(errs, err)
} else {
results = append(results, result)
}
}
}
if len(errs) == 1 {
return results, errs[0]
}
if len(errs) > 1 {
var buf bytes.Buffer
for _, err := range errs {
fmt.Fprintf(&buf, "\n- %s", err)
}
return results, fmt.Errorf("while creating users:%s", buf.Bytes())
}
return results, nil
}
// Users returns the local users.
func (client *Client) Users() ([]*User, error) {
var result []*User
if _, err := client.doSync("GET", "/v2/users", nil, nil, nil, &result); err != nil {
return nil, fmt.Errorf("while getting users: %v", err)
}
return result, nil
}
type debugAction struct {
Action string `json:"action"`
Params interface{} `json:"params,omitempty"`
}
// Debug is only useful when writing test code, it will trigger
// an internal action with the given parameters.
func (client *Client) Debug(action string, params interface{}, result interface{}) error {
body, err := json.Marshal(debugAction{
Action: action,
Params: params,
})
if err != nil {
return err
}
_, err = client.doSync("POST", "/v2/debug", nil, nil, bytes.NewReader(body), result)
return err
}
func (client *Client) DebugGet(aspect string, result interface{}, params map[string]string) error {
urlParams := url.Values{"aspect": []string{aspect}}
for k, v := range params {
urlParams.Set(k, v)
}
_, err := client.doSync("GET", "/v2/debug", urlParams, nil, nil, &result)
return err
}