-
Notifications
You must be signed in to change notification settings - Fork 124
/
s3_put.go
583 lines (494 loc) · 19.3 KB
/
s3_put.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
package command
import (
"context"
"fmt"
"net/http"
"os"
"path/filepath"
"strconv"
"strings"
"time"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/endpoints"
"github.com/aws/aws-sdk-go/service/s3"
"github.com/evergreen-ci/evergreen/agent/internal"
"github.com/evergreen-ci/evergreen/agent/internal/client"
agentutil "github.com/evergreen-ci/evergreen/agent/util"
"github.com/evergreen-ci/evergreen/model/artifact"
"github.com/evergreen-ci/evergreen/util"
"github.com/evergreen-ci/pail"
"github.com/evergreen-ci/utility"
"github.com/mitchellh/mapstructure"
"github.com/mongodb/grip"
"github.com/pkg/errors"
)
// s3pc is a command to put a resource to an S3 bucket and download it to
// the local machine.
type s3put struct {
// AwsKey, AwsSecret, and AwsSessionToken are the user's credentials for
// authenticating interactions with S3.
AwsKey string `mapstructure:"aws_key" plugin:"expand"`
AwsSecret string `mapstructure:"aws_secret" plugin:"expand"`
AwsSessionToken string `mapstructure:"aws_session_token" plugin:"expand"`
// LocalFile is the local filepath to the file the user
// wishes to store in S3.
LocalFile string `mapstructure:"local_file" plugin:"expand"`
// LocalFilesIncludeFilter is an array of expressions that specify what files should be
// included in this upload.
LocalFilesIncludeFilter []string `mapstructure:"local_files_include_filter" plugin:"expand"`
// LocalFilesIncludeFilterPrefix is an optional path to start processing the LocalFilesIncludeFilter, relative to the working directory.
LocalFilesIncludeFilterPrefix string `mapstructure:"local_files_include_filter_prefix" plugin:"expand"`
// RemoteFile is the filepath to store the file to,
// within an S3 bucket. Is a prefix when multiple files are uploaded via LocalFilesIncludeFilter.
RemoteFile string `mapstructure:"remote_file" plugin:"expand"`
// PreservePath, when set to true, causes multi part uploads uploaded with LocalFilesIncludeFilter to
// preserve the original folder structure instead of putting all the files into the same folder
PreservePath string ` mapstructure:"preserve_path" plugin:"expand"`
// Region is the S3 region where the bucket is located. It defaults to
// "us-east-1".
Region string `mapstructure:"region" plugin:"region"`
// Bucket is the s3 bucket to use when storing the desired file.
Bucket string `mapstructure:"bucket" plugin:"expand"`
// Permissions is the ACL to apply to the uploaded file. See:
// http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
// for some examples.
Permissions string `mapstructure:"permissions"`
// ContentType is the MIME type of the uploaded file.
// E.g. text/html, application/pdf, image/jpeg, ...
ContentType string `mapstructure:"content_type" plugin:"expand"`
// BuildVariants stores a list of build variants to run the command for.
// If the list is empty, it runs for all build variants.
BuildVariants []string `mapstructure:"build_variants"`
// ResourceDisplayName stores the name of the file that is linked. Is a prefix when
// to the matched file name when multiple files are uploaded.
ResourceDisplayName string `mapstructure:"display_name" plugin:"expand"`
// Visibility determines who can see file links in the UI.
// Visibility can be set to either:
// "private", which allows logged-in users to see the file;
// "public", which allows anyone to see the file; or
// "none", which hides the file from the UI for everybody.
// "signed" which grants access to private S3 objects to logged-in users
// If unset, the file will be public.
Visibility string `mapstructure:"visibility" plugin:"expand"`
// Optional, when set to true, causes this command to be skipped over without an error when
// the path specified in local_file does not exist. Defaults to false, which triggers errors
// for missing files.
Optional string `mapstructure:"optional" plugin:"expand"`
// Patchable defaults to true. If set to false, this command will noop without error for patch tasks.
Patchable string `mapstructure:"patchable" plugin:"patchable"`
// PatchOnly defaults to false. If set to true, this command will noop without error for non-patch tasks.
PatchOnly string `mapstructure:"patch_only" plugin:"patch_only"`
// SkipExisting, when set to true, will not upload files if they already exist in s3.
SkipExisting string `mapstructure:"skip_existing" plugin:"expand"`
// workDir sets the working directory relative to which s3put should look for files to upload.
// workDir will be empty if an absolute path is provided to the file.
workDir string
skipMissing bool
preservePath bool
skipExistingBool bool
isPatchable bool
isPatchOnly bool
bucket pail.Bucket
taskdata client.TaskData
base
}
// NotFound is returned by S3 when an object does not exist.
const notFoundError = "NotFound"
func s3PutFactory() Command { return &s3put{} }
func (s3pc *s3put) Name() string { return "s3.put" }
// s3put-specific implementation of ParseParams.
func (s3pc *s3put) ParseParams(params map[string]interface{}) error {
decoder, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{
WeaklyTypedInput: true,
Result: s3pc,
})
if err != nil {
return errors.Wrap(err, "initializing mapstructure decoder")
}
if err := decoder.Decode(params); err != nil {
return errors.Wrap(err, "decoding mapstructure params")
}
return s3pc.validate()
}
func (s3pc *s3put) validate() error {
catcher := grip.NewSimpleCatcher()
// make sure the command params are valid
if s3pc.AwsKey == "" {
catcher.New("AWS key cannot be blank")
}
if s3pc.AwsSecret == "" {
catcher.New("AWS secret cannot be blank")
}
catcher.NewWhen(s3pc.AwsSessionToken != "" && s3pc.Visibility == artifact.Signed, "cannot use temporary AWS credentials with signed link visibility")
if s3pc.LocalFile == "" && !s3pc.isMulti() {
catcher.New("local file and local files include filter cannot both be blank")
}
if s3pc.LocalFile != "" && s3pc.isMulti() {
catcher.New("local file and local files include filter cannot both be specified")
}
if s3pc.PreservePath != "" && !s3pc.isMulti() {
catcher.New("preserve path can only be used with local files include filter")
}
if s3pc.skipMissing && s3pc.isMulti() {
catcher.New("cannot use optional with local files include filter as by default it is optional")
}
if s3pc.RemoteFile == "" {
catcher.New("remote file cannot be blank")
}
if s3pc.ContentType == "" {
catcher.New("content type cannot be blank")
}
if s3pc.isMulti() && filepath.IsAbs(s3pc.LocalFile) {
catcher.New("cannot use absolute path with local files include filter")
}
if s3pc.Visibility == artifact.Signed && (s3pc.Permissions == s3.BucketCannedACLPublicRead || s3pc.Permissions == s3.BucketCannedACLPublicReadWrite) {
catcher.New("visibility: signed should not be combined with permissions: public-read or permissions: public-read-write")
}
if !utility.StringSliceContains(artifact.ValidVisibilities, s3pc.Visibility) {
catcher.Errorf("invalid visibility setting '%s', allowed visibilities are: %s", s3pc.Visibility, artifact.ValidVisibilities)
}
if s3pc.Region == "" {
s3pc.Region = endpoints.UsEast1RegionID
}
// make sure the bucket is valid
if err := validateS3BucketName(s3pc.Bucket); err != nil {
catcher.Wrapf(err, "invalid bucket name '%s'", s3pc.Bucket)
}
// make sure the s3 permissions are valid
if !validS3Permissions(s3pc.Permissions) {
catcher.Errorf("invalid permissions '%s'", s3pc.Permissions)
}
return catcher.Resolve()
}
// Apply the expansions from the relevant task config
// to all appropriate fields of the s3put.
func (s3pc *s3put) expandParams(conf *internal.TaskConfig) error {
var err error
if err = util.ExpandValues(s3pc, &conf.Expansions); err != nil {
return errors.Wrap(err, "applying expansions")
}
if s3pc.AwsSessionToken != "" && s3pc.Visibility == artifact.Signed {
return errors.New("cannot use temporary AWS credentials with a signed link visibility")
}
s3pc.workDir = conf.WorkDir
if filepath.IsAbs(s3pc.LocalFile) {
s3pc.workDir = ""
}
if s3pc.Optional != "" {
s3pc.skipMissing, err = strconv.ParseBool(s3pc.Optional)
if err != nil {
return errors.Wrap(err, "parsing optional parameter as a boolean")
}
}
if s3pc.PreservePath != "" {
s3pc.preservePath, err = strconv.ParseBool(s3pc.PreservePath)
if err != nil {
return errors.Wrap(err, "parsing preserve path parameter as a boolean")
}
}
if s3pc.SkipExisting != "" {
s3pc.skipExistingBool, err = strconv.ParseBool(s3pc.SkipExisting)
if err != nil {
return errors.Wrap(err, "parsing skip existing parameter as a boolean")
}
}
if s3pc.PatchOnly != "" {
s3pc.isPatchOnly, err = strconv.ParseBool(s3pc.PatchOnly)
if err != nil {
return errors.Wrap(err, "parsing patch only parameter as a boolean")
}
}
s3pc.isPatchable = true
if s3pc.Patchable != "" {
s3pc.isPatchable, err = strconv.ParseBool(s3pc.Patchable)
if err != nil {
return errors.Wrap(err, "parsing patchable parameter as a boolean")
}
}
return nil
}
// isMulti returns whether or not this using the multiple file upload
// capability of the Put command.
func (s3pc *s3put) isMulti() bool {
return (len(s3pc.LocalFilesIncludeFilter) != 0)
}
func (s3pc *s3put) shouldRunForVariant(buildVariantName string) bool {
//No buildvariant filter, so run always
if len(s3pc.BuildVariants) == 0 {
return true
}
//Only run if the buildvariant specified appears in our list.
return utility.StringSliceContains(s3pc.BuildVariants, buildVariantName)
}
// Implementation of Execute. Expands the parameters, and then puts the
// resource to s3.
func (s3pc *s3put) Execute(ctx context.Context,
comm client.Communicator, logger client.LoggerProducer, conf *internal.TaskConfig) error {
// expand necessary params
if err := s3pc.expandParams(conf); err != nil {
return errors.WithStack(err)
}
// re-validate command here, in case an expansion is not defined
if err := s3pc.validate(); err != nil {
return errors.Wrap(err, "validating expanded parameters")
}
if conf.Task.IsPatchRequest() && !s3pc.isPatchable {
logger.Task().Infof("Skipping command '%s' because it is not patchable and this task is part of a patch.", s3pc.Name())
return nil
}
if !conf.Task.IsPatchRequest() && s3pc.isPatchOnly {
logger.Task().Infof("Skipping command '%s' because the command is patch only and this task is not part of a patch.", s3pc.Name())
return nil
}
// create pail bucket
httpClient := utility.GetHTTPClient()
httpClient.Timeout = s3HTTPClientTimeout
defer utility.PutHTTPClient(httpClient)
if err := s3pc.createPailBucket(httpClient); err != nil {
return errors.Wrap(err, "connecting to S3")
}
if err := s3pc.bucket.Check(ctx); err != nil {
return errors.Wrap(err, "checking bucket")
}
s3pc.taskdata = client.TaskData{ID: conf.Task.Id, Secret: conf.Task.Secret}
if !s3pc.shouldRunForVariant(conf.BuildVariant.Name) {
logger.Task().Infof("Skipping S3 put of local file '%s' for variant '%s'.",
s3pc.LocalFile, conf.BuildVariant.Name)
return nil
}
if s3pc.isPrivate(s3pc.Visibility) {
logger.Task().Infof("Putting private files into S3.")
} else {
if s3pc.isMulti() {
logger.Task().Infof("Putting files matching filter '%s' into path '%s' in S3 bucket '%s'.",
s3pc.LocalFilesIncludeFilter, s3pc.RemoteFile, s3pc.Bucket)
} else if s3pc.isPublic() {
logger.Task().Infof("Putting local file '%s' into path '%s/%s' (%s).", s3pc.LocalFile, s3pc.Bucket, s3pc.RemoteFile, agentutil.S3DefaultURL(s3pc.Bucket, s3pc.RemoteFile))
} else {
logger.Task().Infof("Putting local file '%s' into '%s/%s'.", s3pc.LocalFile, s3pc.Bucket, s3pc.RemoteFile)
}
}
errChan := make(chan error)
go func() {
err := errors.WithStack(s3pc.putWithRetry(ctx, comm, logger))
select {
case errChan <- err:
return
case <-ctx.Done():
logger.Task().Infof("Context canceled waiting for s3 put: %s.", ctx.Err())
return
}
}()
select {
case err := <-errChan:
return err
case <-ctx.Done():
logger.Execution().Infof("Canceled while running command '%s': %s.", s3pc.Name(), ctx.Err())
return nil
}
}
// Wrapper around the Put() function to retry it.
func (s3pc *s3put) putWithRetry(ctx context.Context, comm client.Communicator, logger client.LoggerProducer) error {
backoffCounter := getS3OpBackoff()
var (
err error
uploadedFiles []string
filesList []string
)
timer := time.NewTimer(0)
defer timer.Stop()
retryLoop:
for i := 1; i <= maxS3OpAttempts; i++ {
if s3pc.isPrivate(s3pc.Visibility) {
logger.Task().Infof("Performing S3 put of a private file.")
} else {
logger.Task().Infof("Performing S3 put to file '%s' in bucket '%s' (attempt %d of %d).",
s3pc.RemoteFile, s3pc.Bucket,
i, maxS3OpAttempts)
}
select {
case <-ctx.Done():
return errors.Errorf("canceled while running command '%s'", s3pc.Name())
case <-timer.C:
filesList = []string{s3pc.LocalFile}
if s3pc.isMulti() {
workDir := filepath.Join(s3pc.workDir, s3pc.LocalFilesIncludeFilterPrefix)
include := utility.NewGitIgnoreFileMatcher(workDir, s3pc.LocalFilesIncludeFilter...)
b := utility.FileListBuilder{
WorkingDir: workDir,
Include: include,
}
filesList, err = b.Build()
if err != nil {
return errors.Wrapf(err, "processing local files include filter '%s'",
strings.Join(s3pc.LocalFilesIncludeFilter, " "))
}
if len(filesList) == 0 {
logger.Task().Infof("File filter '%s' matched no files.", strings.Join(s3pc.LocalFilesIncludeFilter, " "))
return nil
}
}
// reset to avoid duplicated uploaded references
uploadedFiles = []string{}
uploadLoop:
for _, fpath := range filesList {
if err := ctx.Err(); err != nil {
return errors.Wrapf(err, "canceled while processing file '%s'", fpath)
}
remoteName := s3pc.RemoteFile
if s3pc.isMulti() {
if s3pc.preservePath {
remoteName = filepath.Join(s3pc.RemoteFile, fpath)
} else {
// put all files in the same directory
fname := filepath.Base(fpath)
remoteName = fmt.Sprintf("%s%s", s3pc.RemoteFile, fname)
}
}
fpath = filepath.Join(filepath.Join(s3pc.workDir, s3pc.LocalFilesIncludeFilterPrefix), fpath)
if s3pc.skipExistingBool {
exists, err := s3pc.remoteFileExists(remoteName)
if err != nil {
return errors.Wrapf(err, "checking if file '%s' exists", remoteName)
}
if exists {
logger.Task().Infof("Not uploading file '%s' because remote file '%s' already exists. Continuing to upload other files.", fpath, remoteName)
continue uploadLoop
}
}
err = s3pc.bucket.Upload(ctx, remoteName, fpath)
if err != nil {
// retry errors other than "file doesn't exist", which we handle differently based on what
// kind of upload it is
if os.IsNotExist(errors.Cause(err)) {
if s3pc.isMulti() {
// try the remaining multi uploads in the group, effectively ignoring this
// error.
logger.Task().Infof("File '%s' not found, but continuing to upload other files.", fpath)
continue uploadLoop
} else if s3pc.skipMissing {
// single optional file uploads should return early.
logger.Task().Infof("File '%s' not found and skip missing is true, exiting without error.", fpath)
return nil
} else {
// single required uploads should return an error asap.
return errors.Wrapf(err, "missing file '%s'", fpath)
}
}
// in all other cases, log an error and retry after an interval.
logger.Task().Error(errors.WithMessage(err, "putting S3 file"))
timer.Reset(backoffCounter.Duration())
continue retryLoop
}
if s3pc.preservePath {
uploadedFiles = append(uploadedFiles, remoteName)
} else {
uploadedFiles = append(uploadedFiles, fpath)
}
}
break retryLoop
}
}
if len(uploadedFiles) == 0 && s3pc.skipMissing {
logger.Task().Info("S3 put uploaded no files")
return nil
}
err = errors.WithStack(s3pc.attachFiles(ctx, comm, logger, uploadedFiles, s3pc.RemoteFile))
if err != nil {
return err
}
logger.Task().WarningWhen(strings.Contains(s3pc.Bucket, "."), "Bucket names containing dots that are created after Sept. 30, 2020 are not guaranteed to have valid attached URLs.")
if len(uploadedFiles) != len(filesList) && !s3pc.skipMissing {
logger.Task().Infof("Attempted to upload %d files, %d successfully uploaded.", len(filesList), len(uploadedFiles))
return errors.Errorf("uploaded %d files of %d requested", len(uploadedFiles), len(filesList))
}
return nil
}
// attachTaskFiles is responsible for sending the
// specified file to the API Server. Does not support multiple file putting.
func (s3pc *s3put) attachFiles(ctx context.Context, comm client.Communicator, logger client.LoggerProducer, localFiles []string, remoteFile string) error {
files := []*artifact.File{}
for _, fn := range localFiles {
remoteFileName := filepath.ToSlash(remoteFile)
if s3pc.isMulti() {
if s3pc.preservePath {
remoteFileName = fn
} else {
remoteFileName = fmt.Sprintf("%s%s", remoteFile, filepath.Base(fn))
}
}
fileLink := agentutil.S3DefaultURL(s3pc.Bucket, remoteFileName)
displayName := s3pc.ResourceDisplayName
if displayName == "" {
displayName = filepath.Base(fn)
} else if s3pc.isMulti() {
displayName = fmt.Sprintf("%s %s", s3pc.ResourceDisplayName, filepath.Base(fn))
}
var key, secret, bucket, fileKey string
if s3pc.Visibility == artifact.Signed {
key = s3pc.AwsKey
secret = s3pc.AwsSecret
bucket = s3pc.Bucket
fileKey = remoteFileName
}
files = append(files, &artifact.File{
Name: displayName,
Link: fileLink,
Visibility: s3pc.Visibility,
AwsKey: key,
AwsSecret: secret,
Bucket: bucket,
FileKey: fileKey,
ContentType: s3pc.ContentType,
})
}
err := comm.AttachFiles(ctx, s3pc.taskdata, files)
if err != nil {
return errors.Wrap(err, "attaching files")
}
return nil
}
func (s3pc *s3put) createPailBucket(httpClient *http.Client) error {
if s3pc.bucket != nil {
return nil
}
opts := pail.S3Options{
Credentials: pail.CreateAWSCredentials(s3pc.AwsKey, s3pc.AwsSecret, s3pc.AwsSessionToken),
Region: s3pc.Region,
Name: s3pc.Bucket,
Permissions: pail.S3Permissions(s3pc.Permissions),
ContentType: s3pc.ContentType,
}
bucket, err := pail.NewS3MultiPartBucketWithHTTPClient(httpClient, opts)
s3pc.bucket = bucket
return err
}
func (s3pc *s3put) isPrivate(visibility string) bool {
if visibility == artifact.Signed || visibility == artifact.Private || visibility == artifact.None {
return true
}
return false
}
func (s3pc *s3put) isPublic() bool {
return (s3pc.Visibility == "" || s3pc.Visibility == artifact.Public) &&
(s3pc.Permissions == s3.BucketCannedACLPublicRead || s3pc.Permissions == s3.BucketCannedACLPublicReadWrite)
}
func (s3pc *s3put) remoteFileExists(remoteName string) (bool, error) {
requestParams := pail.PreSignRequestParams{
Bucket: s3pc.Bucket,
FileKey: remoteName,
AwsKey: s3pc.AwsKey,
AwsSecret: s3pc.AwsSecret,
AwsSessionToken: s3pc.AwsSessionToken,
Region: s3pc.Region,
}
_, err := pail.GetHeadObject(requestParams)
if err != nil {
if aerr, ok := err.(awserr.Error); ok && aerr.Code() == notFoundError {
return false, nil
} else {
return false, errors.Wrapf(err, "getting head object for remote file '%s'", remoteName)
}
}
return true, nil
}