From 9ba8056ae5fb24b94d78543f695122f4c6b71664 Mon Sep 17 00:00:00 2001 From: Mike Landau Date: Wed, 20 Sep 2023 14:17:24 -0700 Subject: [PATCH 1/4] [runx] Use same cache location as auth pkg --- pkg/sandbox/runx/impl/httpcacher/defaults.go | 14 ++++++++++---- pkg/sandbox/runx/impl/httpcacher/httpcacher.go | 2 +- pkg/sandbox/runx/impl/install.go | 10 +++++++--- 3 files changed, 18 insertions(+), 8 deletions(-) diff --git a/pkg/sandbox/runx/impl/httpcacher/defaults.go b/pkg/sandbox/runx/impl/httpcacher/defaults.go index b80a931e..ed2578e8 100644 --- a/pkg/sandbox/runx/impl/httpcacher/defaults.go +++ b/pkg/sandbox/runx/impl/httpcacher/defaults.go @@ -1,12 +1,11 @@ package httpcacher import ( + "os" "path/filepath" - - "github.com/adrg/xdg" ) -const xdgSubdir = "jetpack.io/http" +const xdgSubdir = "go.jetpack.io/http" // It's important to note that with the current implementation, the cache // must be a private cache: we're doing nothing to filter out requests/responses @@ -16,4 +15,11 @@ const xdgSubdir = "jetpack.io/http" // TODO: consider supporting a shared cache. Consider changing the default caching // directory structure, to separate the private cache from the shared cache (which // could be copied between machines). -var defaultCacheDir = filepath.Join(xdg.CacheHome, xdgSubdir) + +func defaultCacheDir() string { + cacheHome, err := os.UserCacheDir() + if err != nil { + cacheHome = "~/.cache" + } + return filepath.Join(cacheHome, xdgSubdir) +} diff --git a/pkg/sandbox/runx/impl/httpcacher/httpcacher.go b/pkg/sandbox/runx/impl/httpcacher/httpcacher.go index d40258b8..96957236 100644 --- a/pkg/sandbox/runx/impl/httpcacher/httpcacher.go +++ b/pkg/sandbox/runx/impl/httpcacher/httpcacher.go 
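Review bot: The error fallback in `defaultCacheDir()` sets `cacheHome = "~/.cache"`, but Go does not expand `~`, so `filepath.Join` produces a path relative to the process working directory, under a directory literally named `~`. The comment above the function says this cache must stay private, yet on that path cached responses would land in whatever directory the tool was started from, which may be a shared or version-controlled tree. Failing closed is safer: return the error (`return "", fmt.Errorf("resolving user cache dir: %w", err)`, which changes the signature and the `DefaultClient` initialiser), or fall back to a fresh directory from `os.MkdirTemp`. The same fallback appears in `installOne` in install.go and in `(*cache).filename` in filecache.go later in this series, where it would relocate installed packages and cached AWS credentials respectively.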
@@ -17,7 +17,7 @@ import "net/http" // It could even implement state-while-revalidate type of logic on the client // side: https://developer.mozilla.org/en-US/docs/Web/API/Request/cache -var DefaultClient = NewClient(defaultCacheDir) +var DefaultClient = NewClient(defaultCacheDir()) func NewClient(cacheDir string) *http.Client { return newTransport(cacheDir).Client() diff --git a/pkg/sandbox/runx/impl/install.go b/pkg/sandbox/runx/impl/install.go index 2cf0b67e..3976ba4f 100644 --- a/pkg/sandbox/runx/impl/install.go +++ b/pkg/sandbox/runx/impl/install.go @@ -2,14 +2,14 @@ package impl import ( "context" + "os" "path/filepath" - "github.com/adrg/xdg" "go.jetpack.io/pkg/sandbox/runx/impl/registry" "go.jetpack.io/pkg/sandbox/runx/impl/types" ) -var xdgInstallationSubdir = "jetpack.io/pkgs" +var xdgInstallationSubdir = "go.jetpack.io/pkgs" func Install(pkgs ...string) ([]string, error) { refs := []types.PkgRef{} @@ -38,7 +38,11 @@ func install(pkgs ...types.PkgRef) ([]string, error) { } func installOne(ref types.PkgRef) (string, error) { - rootDir := filepath.Join(xdg.CacheHome, xdgInstallationSubdir) + cacheDir, err := os.UserCacheDir() + if err != nil { + cacheDir = "~/.cache" + } + rootDir := filepath.Join(cacheDir, xdgInstallationSubdir) reg, err := registry.NewLocalRegistry(rootDir) if err != nil { return "", err From 5b9b84e369144b16b9c07c04e14ff9528abcccd8 Mon Sep 17 00:00:00 2001 From: Mike Landau Date: Wed, 20 Sep 2023 15:08:56 -0700 Subject: [PATCH 2/4] [envsec] Use same cache location as auth --- envsec/internal/awsfed/awsfed.go | 20 ++++++++++++++++---- envsec/internal/filecache/filecache.go | 17 +++++++++-------- 2 files changed, 25 insertions(+), 12 deletions(-) diff --git a/envsec/internal/awsfed/awsfed.go b/envsec/internal/awsfed/awsfed.go index 5e530f05..3e9c4fb1 100644 --- a/envsec/internal/awsfed/awsfed.go +++ b/envsec/internal/awsfed/awsfed.go @@ -2,6 +2,7 @@ package awsfed import ( "context" + "crypto/md5" "encoding/json" "fmt" 
@@ -12,7 +13,7 @@ import ( "go.jetpack.io/pkg/sandbox/auth/session" ) -const cacheKey = "awsfed" +const cacheKeyPrefix = "awsfed" type AWSFed struct { AccountID string @@ -39,8 +40,8 @@ func (a *AWSFed) AWSCreds( ctx context.Context, tok *session.Token, ) (*types.Credentials, error) { - cache := filecache.New("envsec") - if cachedCreds, err := cache.Get(cacheKey); err == nil { + cache := filecache.New("go.jetpack.io/envsec") + if cachedCreds, err := cache.Get(cacheKey(tok)); err == nil { var creds types.Credentials if err := json.Unmarshal(cachedCreds, &creds); err == nil { return &creds, nil @@ -86,7 +87,7 @@ func (a *AWSFed) AWSCreds( if creds, err := json.Marshal(output.Credentials); err != nil { return nil, err } else if err := cache.SetT( - cacheKey, + cacheKey(tok), creds, *output.Credentials.Expiration, ); err != nil { @@ -95,3 +96,14 @@ func (a *AWSFed) AWSCreds( return output.Credentials, nil } + +func cacheKey(t *session.Token) string { + id := "" + if claims := t.IDClaims(); claims != nil && claims.OrgID != "" { + id = claims.OrgID + } else { + id = fmt.Sprintf("%x", md5.Sum([]byte(t.IDToken))) + } + + return fmt.Sprintf("%s-%s", cacheKeyPrefix, id) +} diff --git a/envsec/internal/filecache/filecache.go b/envsec/internal/filecache/filecache.go index d0646b52..d0e75fe3 100644 --- a/envsec/internal/filecache/filecache.go +++ b/envsec/internal/filecache/filecache.go @@ -8,20 +8,17 @@ import ( "time" "github.com/pkg/errors" - "go.jetpack.io/envsec/internal/xdg" ) var NotFound = errors.New("not found") var Expired = errors.New("expired") -const prefix = "filecache-" - type cache struct { - appName string + domain string } -func New(appName string) *cache { - return &cache{appName: appName} +func New(domain string) *cache { + return &cache{domain: domain} } type data struct { 
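Review bot: `cacheKey` puts `claims.OrgID` into the key unmodified, and `(*cache).filename` in filecache.go (same series) turns that key into a file name with `filepath.Join(dir, key)`. Whether the ID token's claims are signature-verified before `AWSCreds` runs is not visible in these hunks; if they are not, an OrgID containing a path separator or `..` would move the credentials file outside the cache directory. Hashing the identifier in both branches keeps the key a fixed hex string, e.g. `id = fmt.Sprintf("%x", sha256.Sum256([]byte(claims.OrgID)))`. Keying on the org alone also means two identities in the same org under one OS account would read each other's cached credentials; if the federated role is per user, the key probably needs the token subject as well.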
@@ -68,7 +65,11 @@ func (c *cache) Get(key string) ([]byte, error) { } func (c *cache) filename(key string) string { - dir := xdg.CacheSubpath(c.appName) + cacheDir, err := os.UserCacheDir() + if err != nil { + cacheDir = "~/.cache" + } + dir := filepath.Join(cacheDir, c.domain) _ = os.MkdirAll(dir, 0755) - return xdg.CacheSubpath(filepath.Join(c.appName, prefix+key)) + return filepath.Join(dir, key) } From ff97eac76e87835013e500865deff146ee3196c2 Mon Sep 17 00:00:00 2001 From: Mike Landau Date: Wed, 20 Sep 2023 15:11:30 -0700 Subject: [PATCH 3/4] Go mod sync and removed xdg pkg --- envsec/internal/xdg/xdg.go | 44 -------------------------------------- go.work.sum | 2 +- pkg/go.mod | 1 - pkg/go.sum | 4 ---- 4 files changed, 1 insertion(+), 50 deletions(-) delete mode 100644 envsec/internal/xdg/xdg.go diff --git a/envsec/internal/xdg/xdg.go b/envsec/internal/xdg/xdg.go deleted file mode 100644 index 7f543bd6..00000000 --- a/envsec/internal/xdg/xdg.go +++ /dev/null 
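Review bot: The directory that holds the cached AWS credentials is created with `os.MkdirAll(dir, 0755)` and the result is discarded, so it is listable by other local users unless a parent directory is tighter, and a failed create goes unnoticed until the later read or write. `os.MkdirAll(dir, 0700)` with the error checked would be the safer default for a credential store. The file's own mode is set outside this hunk and is worth confirming as `0600`. Because `filename` returns only a string, surfacing the error needs either a signature change or moving the mkdir into the write path.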
@@ -1,44 +0,0 @@ -// Copyright 2023 Jetpack Technologies Inc and contributors. All rights reserved. -// Use of this source code is governed by the license in the LICENSE file. - -package xdg - -import ( - "os" - "path/filepath" -) - -func DataSubpath(subpath string) string { - return filepath.Join(dataDir(), subpath) -} - -func ConfigSubpath(subpath string) string { - return filepath.Join(configDir(), subpath) -} - -func CacheSubpath(subpath string) string { - return filepath.Join(cacheDir(), subpath) -} - -func StateSubpath(subpath string) string { - return filepath.Join(stateDir(), subpath) -} - -func dataDir() string { return resolveDir("XDG_DATA_HOME", ".local/share") } -func configDir() string { return resolveDir("XDG_CONFIG_HOME", ".config") } -func cacheDir() string { return resolveDir("XDG_CACHE_HOME", ".cache") } -func stateDir() string { return resolveDir("XDG_STATE_HOME", ".local/state") } - -func resolveDir(envvar string, defaultPath string) string { - dir := os.Getenv(envvar) - if dir != "" { - return dir - } - - home, err := os.UserHomeDir() - if err != nil { - home = "~" - } - - return filepath.Join(home, defaultPath) -} diff --git a/go.work.sum b/go.work.sum index e022ce5d..80821468 100644 --- a/go.work.sum +++ b/go.work.sum 
@@ -3,6 +3,7 @@ cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1h cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/CloudyKit/fastprinter v0.0.0-20200109182630-33d98a066a53/go.mod h1:+3IMCy2vIlbG1XG/0ggNQv0SvxCAIpPM5b1nCz56Xno= +github.com/adrg/xdg v0.4.0 h1:RzRqFcjH4nE5C6oTAxhBtoE2IRyjBSa62SCbyPidvls= github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4= github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4= github.com/cloudflare/ahocorasick v0.0.0-20210425175752-730270c3e184/go.mod h1:tGWUZLZp9ajsxUOnHmFFLnqnlKXsCn6GReG4jAD59H0= @@ -50,7 +51,6 @@ github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV github.com/yosssi/ace v0.0.5/go.mod h1:ALfIzm2vT7t5ZE7uoIZqF3TQ7SAOyupFZnkrF5id+K0= github.com/yuin/goldmark v1.4.13 h1:fVcFKWvrslecOb/tg+Cc05dkeYx540o0FuFt3nUVDoE= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -go.jetpack.io/pkg v0.0.0-20230915205515-567047de7b30/go.mod h1:6RVzBortLFlql8s8oKJTX2+H7DDzp8Lr7wiIOI3FauU= golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk= golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= diff --git a/pkg/go.mod b/pkg/go.mod index 75e0320d..d18778c0 100644 --- a/pkg/go.mod +++ b/pkg/go.mod @@ -3,7 +3,6 @@ module go.jetpack.io/pkg go 1.20 require ( - github.com/adrg/xdg v0.4.0 github.com/cavaliergopher/grab/v3 v3.0.1 github.com/codeclysm/extract v2.2.0+incompatible github.com/coreos/go-oidc/v3 v3.6.0 diff --git a/pkg/go.sum b/pkg/go.sum index 6e5d7f70..3eaa888e 100644 --- a/pkg/go.sum +++ b/pkg/go.sum 
@@ -1,7 +1,5 @@ github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA= github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g= -github.com/adrg/xdg v0.4.0 h1:RzRqFcjH4nE5C6oTAxhBtoE2IRyjBSa62SCbyPidvls= -github.com/adrg/xdg v0.4.0/go.mod h1:N6ag73EX4wyxeaoeHctc1mas01KZgsj5tYiAIwqJE/E= github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/cavaliergopher/grab/v3 v3.0.1 h1:4z7TkBfmPjmLAAmkkAZNX/6QJ1nNFdv3SdIHXju0Fr4= github.com/cavaliergopher/grab/v3 v3.0.1/go.mod h1:1U/KNnD+Ft6JJiYoYBAimKH2XrYptb8Kl3DFGmsjpq4= @@ -85,7 +83,6 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 
@@ -106,7 +103,6 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o= From 8265715a06cae112b3e1cb38580d3e9f92ef6d4d Mon Sep 17 00:00:00 2001 From: Mike Landau Date: Wed, 20 Sep 2023 16:23:55 -0700 Subject: [PATCH 4/4] Requested changes --- envsec/internal/awsfed/awsfed.go | 6 +++--- pkg/sandbox/auth/auth.go | 2 +- pkg/sandbox/runx/impl/httpcacher/defaults.go | 2 +- pkg/sandbox/runx/impl/install.go | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/envsec/internal/awsfed/awsfed.go b/envsec/internal/awsfed/awsfed.go index 3e9c4fb1..b42e85df 100644 --- a/envsec/internal/awsfed/awsfed.go +++ b/envsec/internal/awsfed/awsfed.go @@ -2,7 +2,7 @@ package awsfed import ( "context" - "crypto/md5" + "crypto/sha256" "encoding/json" "fmt" @@ -40,7 +40,7 @@ func (a *AWSFed) AWSCreds( ctx context.Context, tok *session.Token, ) (*types.Credentials, error) { - cache := filecache.New("go.jetpack.io/envsec") + cache := filecache.New("jetpack.io/envsec") if cachedCreds, err := cache.Get(cacheKey(tok)); err == nil { var creds types.Credentials if err := json.Unmarshal(cachedCreds, &creds); err == nil { 
@@ -102,7 +102,7 @@ func cacheKey(t *session.Token) string { if claims := t.IDClaims(); claims != nil && claims.OrgID != "" { id = claims.OrgID } else { - id = fmt.Sprintf("%x", md5.Sum([]byte(t.IDToken))) + id = fmt.Sprintf("%x", sha256.Sum256([]byte(t.IDToken))) } return fmt.Sprintf("%s-%s", cacheKeyPrefix, id) diff --git a/pkg/sandbox/auth/auth.go b/pkg/sandbox/auth/auth.go index 7f4cc0a0..a626aa5b 100644 --- a/pkg/sandbox/auth/auth.go +++ b/pkg/sandbox/auth/auth.go @@ -36,7 +36,7 @@ func storeDir() string { if err != nil { cacheDir = "~/.cache" } - return filepath.Join(cacheDir, "go.jetpack.io", "auth") + return filepath.Join(cacheDir, "jetpack.io", "auth") } func (c *Client) LoginFlow() (*session.Token, error) { diff --git a/pkg/sandbox/runx/impl/httpcacher/defaults.go b/pkg/sandbox/runx/impl/httpcacher/defaults.go index ed2578e8..e5bf7d84 100644 --- a/pkg/sandbox/runx/impl/httpcacher/defaults.go +++ b/pkg/sandbox/runx/impl/httpcacher/defaults.go @@ -5,7 +5,7 @@ import ( "path/filepath" ) -const xdgSubdir = "go.jetpack.io/http" +const xdgSubdir = "jetpack.io/http" // It's important to note that with the current implementation, the cache // must be a private cache: we're doing nothing to filter out requests/responses diff --git a/pkg/sandbox/runx/impl/install.go b/pkg/sandbox/runx/impl/install.go index 3976ba4f..01219dbf 100644 --- a/pkg/sandbox/runx/impl/install.go +++ b/pkg/sandbox/runx/impl/install.go @@ -9,7 +9,7 @@ import ( "go.jetpack.io/pkg/sandbox/runx/impl/types" ) -var xdgInstallationSubdir = "go.jetpack.io/pkgs" +var xdgInstallationSubdir = "jetpack.io/pkgs" func Install(pkgs ...string) ([]string, error) { refs := []types.PkgRef{}