github.com/r3vit/terraform@v0.11.9-beta1.0.20181016131357-87d05607d3c5/state/remote/http.go (about)

     1  package remote
     2  
     3  import (
     4  	"bytes"
     5  	"crypto/md5"
     6  	"crypto/tls"
     7  	"encoding/base64"
     8  	"encoding/json"
     9  	"fmt"
    10  	"io"
    11  	"io/ioutil"
    12  	"net/http"
    13  	"net/url"
    14  	"strconv"
    15  
    16  	"github.com/hashicorp/terraform/state"
    17  )
    18  
    19  func httpFactory(conf map[string]string) (Client, error) {
    20  	address, ok := conf["address"]
    21  	if !ok {
    22  		return nil, fmt.Errorf("missing 'address' configuration")
    23  	}
    24  
    25  	updateURL, err := url.Parse(address)
    26  	if err != nil {
    27  		return nil, fmt.Errorf("failed to parse address URL: %s", err)
    28  	}
    29  	if updateURL.Scheme != "http" && updateURL.Scheme != "https" {
    30  		return nil, fmt.Errorf("address must be HTTP or HTTPS")
    31  	}
    32  	updateMethod, ok := conf["update_method"]
    33  	if !ok {
    34  		updateMethod = "POST"
    35  	}
    36  
    37  	var lockURL *url.URL
    38  	if lockAddress, ok := conf["lock_address"]; ok {
    39  		var err error
    40  		lockURL, err = url.Parse(lockAddress)
    41  		if err != nil {
    42  			return nil, fmt.Errorf("failed to parse lockAddress URL: %s", err)
    43  		}
    44  		if lockURL.Scheme != "http" && lockURL.Scheme != "https" {
    45  			return nil, fmt.Errorf("lockAddress must be HTTP or HTTPS")
    46  		}
    47  	} else {
    48  		lockURL = nil
    49  	}
    50  	lockMethod, ok := conf["lock_method"]
    51  	if !ok {
    52  		lockMethod = "LOCK"
    53  	}
    54  
    55  	var unlockURL *url.URL
    56  	if unlockAddress, ok := conf["unlock_address"]; ok {
    57  		var err error
    58  		unlockURL, err = url.Parse(unlockAddress)
    59  		if err != nil {
    60  			return nil, fmt.Errorf("failed to parse unlockAddress URL: %s", err)
    61  		}
    62  		if unlockURL.Scheme != "http" && unlockURL.Scheme != "https" {
    63  			return nil, fmt.Errorf("unlockAddress must be HTTP or HTTPS")
    64  		}
    65  	} else {
    66  		unlockURL = nil
    67  	}
    68  	unlockMethod, ok := conf["unlock_method"]
    69  	if !ok {
    70  		unlockMethod = "UNLOCK"
    71  	}
    72  
    73  	client := &http.Client{}
    74  	if skipRaw, ok := conf["skip_cert_verification"]; ok {
    75  		skip, err := strconv.ParseBool(skipRaw)
    76  		if err != nil {
    77  			return nil, fmt.Errorf("skip_cert_verification must be boolean")
    78  		}
    79  		if skip {
    80  			// Replace the client with one that ignores TLS verification
    81  			client = &http.Client{
    82  				Transport: &http.Transport{
    83  					TLSClientConfig: &tls.Config{
    84  						InsecureSkipVerify: true,
    85  					},
    86  				},
    87  			}
    88  		}
    89  	}
    90  
    91  	ret := &HTTPClient{
    92  		URL:          updateURL,
    93  		UpdateMethod: updateMethod,
    94  
    95  		LockURL:      lockURL,
    96  		LockMethod:   lockMethod,
    97  		UnlockURL:    unlockURL,
    98  		UnlockMethod: unlockMethod,
    99  
   100  		Username: conf["username"],
   101  		Password: conf["password"],
   102  
   103  		// accessible only for testing use
   104  		Client: client,
   105  	}
   106  
   107  	return ret, nil
   108  }
   109  
   110  // HTTPClient is a remote client that stores data in Consul or HTTP REST.
   111  type HTTPClient struct {
   112  	// Update & Retrieve
   113  	URL          *url.URL
   114  	UpdateMethod string
   115  
   116  	// Locking
   117  	LockURL      *url.URL
   118  	LockMethod   string
   119  	UnlockURL    *url.URL
   120  	UnlockMethod string
   121  
   122  	// HTTP
   123  	Client   *http.Client
   124  	Username string
   125  	Password string
   126  
   127  	lockID       string
   128  	jsonLockInfo []byte
   129  }
   130  
   131  func (c *HTTPClient) httpRequest(method string, url *url.URL, data *[]byte, what string) (*http.Response, error) {
   132  	// If we have data we need a reader
   133  	var reader io.Reader = nil
   134  	if data != nil {
   135  		reader = bytes.NewReader(*data)
   136  	}
   137  
   138  	// Create the request
   139  	req, err := http.NewRequest(method, url.String(), reader)
   140  	if err != nil {
   141  		return nil, fmt.Errorf("Failed to make %s HTTP request: %s", what, err)
   142  	}
   143  	// Setup basic auth
   144  	if c.Username != "" {
   145  		req.SetBasicAuth(c.Username, c.Password)
   146  	}
   147  
   148  	// Work with data/body
   149  	if data != nil {
   150  		req.Header.Set("Content-Type", "application/json")
   151  		req.ContentLength = int64(len(*data))
   152  
   153  		// Generate the MD5
   154  		hash := md5.Sum(*data)
   155  		b64 := base64.StdEncoding.EncodeToString(hash[:])
   156  		req.Header.Set("Content-MD5", b64)
   157  	}
   158  
   159  	// Make the request
   160  	resp, err := c.Client.Do(req)
   161  	if err != nil {
   162  		return nil, fmt.Errorf("Failed to %s: %v", what, err)
   163  	}
   164  
   165  	return resp, nil
   166  }
   167  
   168  func (c *HTTPClient) Lock(info *state.LockInfo) (string, error) {
   169  	if c.LockURL == nil {
   170  		return "", nil
   171  	}
   172  	c.lockID = ""
   173  
   174  	jsonLockInfo := info.Marshal()
   175  	resp, err := c.httpRequest(c.LockMethod, c.LockURL, &jsonLockInfo, "lock")
   176  	if err != nil {
   177  		return "", err
   178  	}
   179  	defer resp.Body.Close()
   180  
   181  	switch resp.StatusCode {
   182  	case http.StatusOK:
   183  		c.lockID = info.ID
   184  		c.jsonLockInfo = jsonLockInfo
   185  		return info.ID, nil
   186  	case http.StatusUnauthorized:
   187  		return "", fmt.Errorf("HTTP remote state endpoint requires auth")
   188  	case http.StatusForbidden:
   189  		return "", fmt.Errorf("HTTP remote state endpoint invalid auth")
   190  	case http.StatusConflict, http.StatusLocked:
   191  		defer resp.Body.Close()
   192  		body, err := ioutil.ReadAll(resp.Body)
   193  		if err != nil {
   194  			return "", fmt.Errorf("HTTP remote state already locked, failed to read body")
   195  		}
   196  		existing := state.LockInfo{}
   197  		err = json.Unmarshal(body, &existing)
   198  		if err != nil {
   199  			return "", fmt.Errorf("HTTP remote state already locked, failed to unmarshal body")
   200  		}
   201  		return "", fmt.Errorf("HTTP remote state already locked: ID=%s", existing.ID)
   202  	default:
   203  		return "", fmt.Errorf("Unexpected HTTP response code %d", resp.StatusCode)
   204  	}
   205  }
   206  
   207  func (c *HTTPClient) Unlock(id string) error {
   208  	if c.UnlockURL == nil {
   209  		return nil
   210  	}
   211  
   212  	resp, err := c.httpRequest(c.UnlockMethod, c.UnlockURL, &c.jsonLockInfo, "unlock")
   213  	if err != nil {
   214  		return err
   215  	}
   216  	defer resp.Body.Close()
   217  
   218  	switch resp.StatusCode {
   219  	case http.StatusOK:
   220  		return nil
   221  	default:
   222  		return fmt.Errorf("Unexpected HTTP response code %d", resp.StatusCode)
   223  	}
   224  }
   225  
   226  func (c *HTTPClient) Get() (*Payload, error) {
   227  	resp, err := c.httpRequest("GET", c.URL, nil, "get state")
   228  	if err != nil {
   229  		return nil, err
   230  	}
   231  	defer resp.Body.Close()
   232  
   233  	// Handle the common status codes
   234  	switch resp.StatusCode {
   235  	case http.StatusOK:
   236  		// Handled after
   237  	case http.StatusNoContent:
   238  		return nil, nil
   239  	case http.StatusNotFound:
   240  		return nil, nil
   241  	case http.StatusUnauthorized:
   242  		return nil, fmt.Errorf("HTTP remote state endpoint requires auth")
   243  	case http.StatusForbidden:
   244  		return nil, fmt.Errorf("HTTP remote state endpoint invalid auth")
   245  	case http.StatusInternalServerError:
   246  		return nil, fmt.Errorf("HTTP remote state internal server error")
   247  	default:
   248  		return nil, fmt.Errorf("Unexpected HTTP response code %d", resp.StatusCode)
   249  	}
   250  
   251  	// Read in the body
   252  	buf := bytes.NewBuffer(nil)
   253  	if _, err := io.Copy(buf, resp.Body); err != nil {
   254  		return nil, fmt.Errorf("Failed to read remote state: %s", err)
   255  	}
   256  
   257  	// Create the payload
   258  	payload := &Payload{
   259  		Data: buf.Bytes(),
   260  	}
   261  
   262  	// If there was no data, then return nil
   263  	if len(payload.Data) == 0 {
   264  		return nil, nil
   265  	}
   266  
   267  	// Check for the MD5
   268  	if raw := resp.Header.Get("Content-MD5"); raw != "" {
   269  		md5, err := base64.StdEncoding.DecodeString(raw)
   270  		if err != nil {
   271  			return nil, fmt.Errorf(
   272  				"Failed to decode Content-MD5 '%s': %s", raw, err)
   273  		}
   274  
   275  		payload.MD5 = md5
   276  	} else {
   277  		// Generate the MD5
   278  		hash := md5.Sum(payload.Data)
   279  		payload.MD5 = hash[:]
   280  	}
   281  
   282  	return payload, nil
   283  }
   284  
   285  func (c *HTTPClient) Put(data []byte) error {
   286  	// Copy the target URL
   287  	base := *c.URL
   288  
   289  	if c.lockID != "" {
   290  		query := base.Query()
   291  		query.Set("ID", c.lockID)
   292  		base.RawQuery = query.Encode()
   293  	}
   294  
   295  	/*
   296  		// Set the force query parameter if needed
   297  		if force {
   298  			values := base.Query()
   299  			values.Set("force", "true")
   300  			base.RawQuery = values.Encode()
   301  		}
   302  	*/
   303  
   304  	var method string = "POST"
   305  	if c.UpdateMethod != "" {
   306  		method = c.UpdateMethod
   307  	}
   308  	resp, err := c.httpRequest(method, &base, &data, "upload state")
   309  	if err != nil {
   310  		return err
   311  	}
   312  	defer resp.Body.Close()
   313  
   314  	// Handle the error codes
   315  	switch resp.StatusCode {
   316  	case http.StatusOK, http.StatusCreated, http.StatusNoContent:
   317  		return nil
   318  	default:
   319  		return fmt.Errorf("HTTP error: %d", resp.StatusCode)
   320  	}
   321  }
   322  
   323  func (c *HTTPClient) Delete() error {
   324  	// Make the request
   325  	resp, err := c.httpRequest("DELETE", c.URL, nil, "delete state")
   326  	if err != nil {
   327  		return err
   328  	}
   329  	defer resp.Body.Close()
   330  
   331  	// Handle the error codes
   332  	switch resp.StatusCode {
   333  	case http.StatusOK:
   334  		return nil
   335  	default:
   336  		return fmt.Errorf("HTTP error: %d", resp.StatusCode)
   337  	}
   338  }