// Returns the executable path and arguments // TODO: Clean this up func parseCommand(cmd string) (string, []string, error) { var args []string state := "start" current := "" quote := "\"" for i := 0; i < len(cmd); i++ { c := cmd[i] if state == "quotes" { if string(c) != quote { current += string(c) } else { args = append(args, current) current = "" state = "start" } continue } if c == '"' || c == '\'' { state = "quotes" quote = string(c) continue } if state == "arg" { if c == ' ' || c == '\t' { args = append(args, current) current = "" state = "start" } else { current += string(c) } continue } if c != ' ' && c != '\t' { state = "arg" current += string(c) } } if state == "quotes" { return "", []string{}, errors.New(fmt.Sprintf("Unclosed quote in command line: %s", cmd)) } if current != "" { args = append(args, current) } if len(args) <= 0 { return "", []string{}, errors.New("Empty command line") } if len(args) == 1 { return args[0], []string{}, nil } return args[0], args[1:], nil }
func (rancherClient *RancherBaseClientImpl) doUpdate(schemaType string, existing *Resource, updates interface{}, respObject interface{}) error { if existing == nil { return errors.New("Existing object is nil") } selfUrl, ok := existing.Links[SELF] if !ok { return errors.New(fmt.Sprintf("Failed to find self URL of [%v]", existing)) } if updates == nil { updates = map[string]string{} } if respObject == nil { respObject = &map[string]interface{}{} } schema, ok := rancherClient.Types[schemaType] if !ok { return errors.New("Unknown schema type [" + schemaType + "]") } if !contains(schema.ResourceMethods, "PUT") { return errors.New("Resource type [" + schemaType + "] is not updatable") } return rancherClient.doModify("PUT", selfUrl, updates, respObject) }
// StatVFS retrieves VFS statistics from a remote host. // // It implements the [email protected] SSH_FXP_EXTENDED feature // from http://www.opensource.apple.com/source/OpenSSH/OpenSSH-175/openssh/PROTOCOL?txt. func (c *Client) StatVFS(path string) (*StatVFS, error) { // send the StatVFS packet to the server id := c.nextID() typ, data, err := c.sendPacket(sshFxpStatvfsPacket{ ID: id, Path: path, }) if err != nil { return nil, err } switch typ { // server responded with valid data case ssh_FXP_EXTENDED_REPLY: var response StatVFS err = binary.Read(bytes.NewReader(data), binary.BigEndian, &response) if err != nil { return nil, errors.New("can not parse reply") } return &response, nil // the resquest failed case ssh_FXP_STATUS: return nil, errors.New(fxp(ssh_FXP_STATUS).String()) default: return nil, unimplementedPacketErr(typ) } }
// WaitForCluster waits until leader will be one of specified nodes func WaitForCluster(t *testing.T, clockSource *fakeclock.FakeClock, nodes map[uint64]*TestNode) { err := PollFunc(clockSource, func() error { var prev *etcdraft.Status nodeLoop: for _, n := range nodes { if prev == nil { prev = new(etcdraft.Status) *prev = n.Status() for _, n2 := range nodes { if n2.Config.ID == prev.Lead && n2.ReadyForProposals() { continue nodeLoop } } return errors.New("did not find a ready leader in member list") } cur := n.Status() for _, n2 := range nodes { if n2.Config.ID == cur.Lead { if cur.Lead != prev.Lead || cur.Term != prev.Term || cur.Applied != prev.Applied { return errors.New("state does not match on all nodes") } continue nodeLoop } } return errors.New("did not find leader in member list") } return nil }) require.NoError(t, err) }
// UnlockSwarm provides a key to decrypt data that is encrypted at rest. func (c *Cluster) UnlockSwarm(req types.UnlockRequest) error { key, err := encryption.ParseHumanReadableKey(req.UnlockKey) if err != nil { return err } c.Lock() if c.node != nil || c.locked != true { c.Unlock() return errors.New("swarm is not locked") } config := *c.lastNodeConfig config.lockKey = key n, err := c.startNewNode(config) if err != nil { c.Unlock() return err } c.Unlock() select { case <-n.Ready(): case <-n.done: if errors.Cause(c.err) == ErrSwarmLocked { return errors.New("swarm could not be unlocked: invalid key provided") } return fmt.Errorf("swarm component could not be started: %v", c.err) } go c.reconnectOnFailure(n) return nil }
// FindLeaf finds a directory of name leaf in the folder with ID pathID func (f *Fs) FindLeaf(pathID, leaf string) (pathIDOut string, found bool, err error) { // fs.Debug(f, "FindLeaf(%q, %q)", pathID, leaf) parent, ok := f.dirCache.GetInv(pathID) if !ok { return "", false, errors.New("couldn't find parent ID") } path := leaf if parent != "" { path = parent + "/" + path } if f.dirCache.FoundRoot() { path = f.rootSlash() + path } info, resp, err := f.readMetaDataForPath(path) if err != nil { if resp != nil && resp.StatusCode == http.StatusNotFound { return "", false, nil } return "", false, err } if info.Folder == nil { return "", false, errors.New("found file when looking for folder") } return info.ID, true, nil }
// RenewTLSConfig will continuously monitor for the necessity of renewing the local certificates, either by // issuing them locally if key-material is available, or requesting them from a remote CA. func RenewTLSConfig(ctx context.Context, s *SecurityConfig, remotes remotes.Remotes, renew <-chan struct{}) <-chan CertificateUpdate { updates := make(chan CertificateUpdate) go func() { var retry time.Duration defer close(updates) for { ctx = log.WithModule(ctx, "tls") log := log.G(ctx).WithFields(logrus.Fields{ "node.id": s.ClientTLSCreds.NodeID(), "node.role": s.ClientTLSCreds.Role(), }) // Our starting default will be 5 minutes retry = 5 * time.Minute // Since the expiration of the certificate is managed remotely we should update our // retry timer on every iteration of this loop. // Retrieve the current certificate expiration information. validFrom, validUntil, err := readCertValidity(s.KeyReader()) if err != nil { // We failed to read the expiration, let's stick with the starting default log.Errorf("failed to read the expiration of the TLS certificate in: %s", s.KeyReader().Target()) updates <- CertificateUpdate{Err: errors.New("failed to read certificate expiration")} } else { // If we have an expired certificate, we let's stick with the starting default in // the hope that this is a temporary clock skew. if validUntil.Before(time.Now()) { log.WithError(err).Errorf("failed to create a new client TLS config") updates <- CertificateUpdate{Err: errors.New("TLS certificate is expired")} } else { // Random retry time between 50% and 80% of the total time to expiration retry = calculateRandomExpiry(validFrom, validUntil) } } log.WithFields(logrus.Fields{ "time": time.Now().Add(retry), }).Debugf("next certificate renewal scheduled") select { case <-time.After(retry): log.Infof("renewing certificate") case <-renew: log.Infof("forced certificate renewal") case <-ctx.Done(): log.Infof("shuting down certificate renewal routine") return } // ignore errors - it will just try again laster if err := RenewTLSConfigNow(ctx, s, remotes); err != nil { updates <- CertificateUpdate{Err: err} } else { updates <- CertificateUpdate{Role: s.ClientTLSCreds.Role()} } } }() return updates }
// Parse string of the form "db"."rp" where the quotes are optional but can include escaped quotes // within the strings. func (d *dbrps) Set(value string) error { dbrp := client.DBRP{} if len(value) == 0 { return errors.New("dbrp cannot be empty") } var n int if value[0] == '"' { dbrp.Database, n = parseQuotedStr(value) } else { n = strings.IndexRune(value, '.') if n == -1 { return errors.New("does not contain a '.', it must be in the form \"dbname\".\"rpname\" where the quotes are optional.") } dbrp.Database = value[:n] } if value[n] != '.' { return errors.New("dbrp must specify retention policy, do you have a missing or extra '.'?") } value = value[n+1:] if value[0] == '"' { dbrp.RetentionPolicy, n = parseQuotedStr(value) } else { dbrp.RetentionPolicy = value } *d = append(*d, dbrp) return nil }
func (av *Writer) write(updates []parser.UpdateData) error { av.availableUpdates = updates // write temporary header (we need to know the size before storing in tar) if err := av.WriteHeader(); err != nil { return err } // archive info info := av.getInfo() ia := archiver.NewMetadataArchiver(&info, "info") if err := ia.Archive(av.aArchiver); err != nil { return errors.Wrapf(err, "writer: error archiving info") } // archive header ha := archiver.NewFileArchiver(av.hTmpFile.Name(), "header.tar.gz") if err := ha.Archive(av.aArchiver); err != nil { return errors.Wrapf(err, "writer: error archiving header") } // archive data if err := av.WriteData(); err != nil { return err } // we've been storing everything in temporary file if err := av.aArchiver.Close(); err != nil { return errors.New("writer: error closing archive") } // prevent from closing archiver twice av.aArchiver = nil if err := av.aTmpFile.Close(); err != nil { return errors.New("writer: error closing archive temporary file") } return os.Rename(av.aTmpFile.Name(), av.aName) }
// Returns a byte stream which is a download of the given link. func (u *UpdateClient) FetchUpdate(api ApiRequester, url string) (io.ReadCloser, int64, error) { req, err := makeUpdateFetchRequest(url) if err != nil { return nil, -1, errors.Wrapf(err, "failed to create update fetch request") } r, err := api.Do(req) if err != nil { log.Error("Can not fetch update image: ", err) return nil, -1, errors.Wrapf(err, "update fetch request failed") } log.Debugf("Received fetch update response %v+", r) if r.StatusCode != http.StatusOK { r.Body.Close() log.Errorf("Error fetching shcheduled update info: code (%d)", r.StatusCode) return nil, -1, errors.New("Error receiving scheduled update information.") } if r.ContentLength < 0 { r.Body.Close() return nil, -1, errors.New("Will not continue with unknown image size.") } else if r.ContentLength < u.minImageSize { r.Body.Close() log.Errorf("Image smaller than expected. Expected: %d, received: %d", u.minImageSize, r.ContentLength) return nil, -1, errors.New("Image size is smaller than expected. Aborting.") } return r.Body, r.ContentLength, nil }
// purgeCheck removes the root directory, if check is set then it // refuses to do so if it has anything in func (f *Fs) purgeCheck(dir string, check bool) error { root := path.Join(f.root, dir) if root == "" { return errors.New("can't purge root directory") } dc := f.dirCache err := dc.FindRoot(false) if err != nil { return err } rootID, err := dc.FindDir(dir, false) if err != nil { return err } item, _, err := f.readMetaDataForPath(root) if err != nil { return err } if item.Folder == nil { return errors.New("not a folder") } if check && item.Folder.ChildCount != 0 { return errors.New("folder not empty") } err = f.deleteObject(rootID) if err != nil { return err } f.dirCache.FlushDir(dir) if err != nil { return err } return nil }
func (s *Service) execQuery(q, cluster string) (kapacitor.DBRP, *influxdb.Response, error) { // Parse query to determine dbrp dbrp := kapacitor.DBRP{} stmt, err := influxql.ParseStatement(q) if err != nil { return dbrp, nil, err } if slct, ok := stmt.(*influxql.SelectStatement); ok && len(slct.Sources) == 1 { if m, ok := slct.Sources[0].(*influxql.Measurement); ok { dbrp.Database = m.Database dbrp.RetentionPolicy = m.RetentionPolicy } } if dbrp.Database == "" || dbrp.RetentionPolicy == "" { return dbrp, nil, errors.New("could not determine database and retention policy. Is the query fully qualified?") } if s.InfluxDBService == nil { return dbrp, nil, errors.New("InfluxDB not configured, cannot record query") } // Query InfluxDB con, err := s.InfluxDBService.NewNamedClient(cluster) if err != nil { return dbrp, nil, errors.Wrap(err, "failed to get InfluxDB client") } query := influxdb.Query{ Command: q, } resp, err := con.Query(query) if err != nil { return dbrp, nil, errors.Wrap(err, "InfluxDB query failed") } return dbrp, resp, nil }
func commonInit(config *menderConfig, opts *runOptionsType) (*MenderPieces, error) { tentok, err := loadTenantToken(*opts.dataStore) if err != nil { return nil, errors.Wrapf(err, "failed to load tenant token") } ks := getKeyStore(*opts.dataStore, config.DeviceKey) if ks == nil { return nil, errors.New("failed to setup key storage") } dbstore := NewDBStore(*opts.dataStore) if dbstore == nil { return nil, errors.New("failed to initialize DB store") } authmgr := NewAuthManager(AuthManagerConfig{ AuthDataStore: dbstore, KeyStore: ks, IdentitySource: NewIdentityDataGetter(), TenantToken: tentok, }) if authmgr == nil { // close DB store explicitly dbstore.Close() return nil, errors.New("error initializing authentication manager") } mp := MenderPieces{ store: dbstore, authMgr: authmgr, } return &mp, nil }
func newSyncCopyMove(fdst, fsrc Fs, Delete bool, DoMove bool) (*syncCopyMove, error) { s := &syncCopyMove{ fdst: fdst, fsrc: fsrc, Delete: Delete, DoMove: DoMove, dir: "", srcFilesChan: make(chan Object, Config.Checkers+Config.Transfers), srcFilesResult: make(chan error, 1), dstFilesResult: make(chan error, 1), noTraverse: Config.NoTraverse, abort: make(chan struct{}), toBeChecked: make(ObjectPairChan, Config.Transfers), toBeUploaded: make(ObjectPairChan, Config.Transfers), deleteBefore: Delete && Config.DeleteBefore, trackRenames: Config.TrackRenames, commonHash: fsrc.Hashes().Overlap(fdst.Hashes()).GetOne(), toBeRenamed: make(ObjectPairChan, Config.Transfers), } if s.noTraverse && s.Delete { Debug(s.fdst, "Ignoring --no-traverse with sync") s.noTraverse = false } if s.trackRenames { // Don't track renames for remotes without server-side move support. if !CanServerSideMove(fdst) { ErrorLog(fdst, "Ignoring --track-renames as the destination does not support server-side move or copy") s.trackRenames = false } if s.commonHash == HashNone { ErrorLog(fdst, "Ignoring --track-renames as the source and destination do not have a common hash") s.trackRenames = false } } if s.noTraverse && s.trackRenames { Debug(s.fdst, "Ignoring --no-traverse with --track-renames") s.noTraverse = false } // Make Fs for --backup-dir if required if Config.BackupDir != "" { var err error s.backupDir, err = NewFs(Config.BackupDir) if err != nil { return nil, FatalError(errors.Errorf("Failed to make fs for --backup-dir %q: %v", Config.BackupDir, err)) } if !CanServerSideMove(s.backupDir) { return nil, FatalError(errors.New("can't use --backup-dir on a remote which doesn't support server side move or copy")) } if !SameConfig(fdst, s.backupDir) { return nil, FatalError(errors.New("parameter to --backup-dir has to be on the same remote as destination")) } if Overlapping(fdst, s.backupDir) { return nil, FatalError(errors.New("destination and parameter to --backup-dir mustn't overlap")) } if Overlapping(fsrc, s.backupDir) { return nil, FatalError(errors.New("source and parameter to --backup-dir mustn't overlap")) } } return s, nil }
func (t *targetSet) Run(ctx *Context, client *Client) error { if len(ctx.Args) != 1 { return errors.New("Invalid arguments") } targetLabelToSet := strings.TrimSpace(ctx.Args[0]) labelExist, err := CheckIfTargetLabelExists(targetLabelToSet) if err != nil { return err } if !labelExist { return errors.New("Target not found") } targets, err := getTargets() if err != nil { return err } for label, target := range targets { if label == targetLabelToSet { err = WriteTarget(target) if err != nil { return err } fmt.Fprintf(ctx.Stdout, "New target is %s -> %s\n", label, target) } } return nil }
// FindRangeLeaseHolder is part of TestClusterInterface. func (tc *TestCluster) FindRangeLeaseHolder( rangeDesc roachpb.RangeDescriptor, hint *base.ReplicationTarget, ) (base.ReplicationTarget, error) { lease, now, err := tc.FindRangeLease(rangeDesc, hint) if err != nil { return base.ReplicationTarget{}, err } if lease == nil { return base.ReplicationTarget{}, errors.New("no active lease") } // Find lease replica in order to examine the lease state. store, err := tc.findMemberStore(lease.Replica.StoreID) if err != nil { return base.ReplicationTarget{}, err } replica, err := store.GetReplica(rangeDesc.RangeID) if err != nil { return base.ReplicationTarget{}, err } if !replica.IsLeaseValid(lease, now) { return base.ReplicationTarget{}, errors.New("no valid lease") } replicaDesc := lease.Replica return base.ReplicationTarget{NodeID: replicaDesc.NodeID, StoreID: replicaDesc.StoreID}, nil }
func newUserSelectedOTPLDeploySpecs(detected DetectedOTPLDeploySpecs, tmid TargetManifestID, flags *config.OTPLFlags, state *sous.State) (UserSelectedOTPLDeploySpecs, error) { var nowt UserSelectedOTPLDeploySpecs mid := sous.ManifestID(tmid) // we don't care about these flags when a manifest already exists if _, ok := state.Manifests.Get(mid); ok { return nowt, nil } if !flags.UseOTPLDeploy && !flags.IgnoreOTPLDeploy && len(detected.DeploySpecs) != 0 { return nowt, errors.New("otpl-deploy detected in config/, please specify either -use-otpl-deploy, or -ignore-otpl-deploy to proceed") } if !flags.UseOTPLDeploy { return nowt, nil } if len(detected.DeploySpecs) == 0 { return nowt, errors.New("use of otpl configuration was specified, but no valid deployments were found in config/") } deploySpecs := sous.DeploySpecs{} for clusterName, spec := range detected.DeploySpecs { if _, ok := state.Defs.Clusters[clusterName]; !ok { sous.Log.Warn.Printf("otpl-deploy config for cluster %q ignored", clusterName) continue } deploySpecs[clusterName] = spec } return UserSelectedOTPLDeploySpecs{deploySpecs}, nil }
// getTLSConfig creates a tls.Config object from the given certs, key, and CA files. // you must give the full path to the files. func getTLSConfig( SSLCA, SSLCert, SSLKey string, InsecureSkipVerify bool, ) (*tls.Config, error) { t := &tls.Config{ InsecureSkipVerify: InsecureSkipVerify, } if SSLCert != "" && SSLKey != "" { cert, err := tls.LoadX509KeyPair(SSLCert, SSLKey) if err != nil { return nil, fmt.Errorf( "Could not load TLS client key/certificate: %s", err) } t.Certificates = []tls.Certificate{cert} } else if SSLCert != "" { return nil, errors.New("Must provide both key and cert files: only cert file provided.") } else if SSLKey != "" { return nil, errors.New("Must provide both key and cert files: only key file provided.") } if SSLCA != "" { caCert, err := ioutil.ReadFile(SSLCA) if err != nil { return nil, fmt.Errorf("Could not load TLS CA: %s", err) } caCertPool := x509.NewCertPool() caCertPool.AppendCertsFromPEM(caCert) t.RootCAs = caCertPool } return t, nil }
// purgeCheck removes the root directory, if check is set then it // refuses to do so if it has anything in func (f *Fs) purgeCheck(check bool) error { if f.root == "" { return errors.New("can't purge root directory") } dc := f.dirCache err := dc.FindRoot(false) if err != nil { return err } rootID := dc.RootID() item, _, err := f.readMetaDataForPath(f.root) if err != nil { return err } if item.Folder == nil { return errors.New("not a folder") } if check && item.Folder.ChildCount != 0 { return errors.New("folder not empty") } err = f.deleteObject(rootID) if err != nil { return err } f.dirCache.ResetRoot() if err != nil { return err } return nil }
func (p *FakeProvisioner) Shell(opts provision.ShellOptions) error { var unit provision.Unit units, err := p.Units(opts.App) if err != nil { return err } if len(units) == 0 { return errors.New("app has no units") } else if opts.Unit != "" { for _, u := range units { if u.ID == opts.Unit { unit = u break } } } else { unit = units[0] } if unit.ID == "" { return errors.New("unit not found") } p.shellMut.Lock() defer p.shellMut.Unlock() p.shells[unit.ID] = append(p.shells[unit.ID], opts) return nil }
// swiftConnection makes a connection to swift func swiftConnection(name string) (*swift.Connection, error) { userName := fs.ConfigFile.MustValue(name, "user") if userName == "" { return nil, errors.New("user not found") } apiKey := fs.ConfigFile.MustValue(name, "key") if apiKey == "" { return nil, errors.New("key not found") } authURL := fs.ConfigFile.MustValue(name, "auth") if authURL == "" { return nil, errors.New("auth not found") } c := &swift.Connection{ UserName: userName, ApiKey: apiKey, AuthUrl: authURL, AuthVersion: fs.ConfigFile.MustInt(name, "auth_version", 0), UserAgent: fs.UserAgent, Tenant: fs.ConfigFile.MustValue(name, "tenant"), Region: fs.ConfigFile.MustValue(name, "region"), Domain: fs.ConfigFile.MustValue(name, "domain"), TenantDomain: fs.ConfigFile.MustValue(name, "tenant_domain"), ConnectTimeout: 10 * fs.Config.ConnectTimeout, // Use the timeouts in the transport Timeout: 10 * fs.Config.Timeout, // Use the timeouts in the transport Transport: fs.Config.Transport(), } err := c.Authenticate() if err != nil { return nil, err } return c, nil }
// doRequest performs a correctly authenticated request to a specified path, and returns response body or an error object. func (c *openshiftClient) doRequest(method, path string, requestBody []byte) ([]byte, error) { url := *c.baseURL url.Path = path var requestBodyReader io.Reader if requestBody != nil { logrus.Debugf("Will send body: %s", requestBody) requestBodyReader = bytes.NewReader(requestBody) } req, err := http.NewRequest(method, url.String(), requestBodyReader) if err != nil { return nil, err } if len(c.bearerToken) != 0 { req.Header.Set("Authorization", "Bearer "+c.bearerToken) } else if len(c.username) != 0 { req.SetBasicAuth(c.username, c.password) } req.Header.Set("Accept", "application/json, */*") req.Header.Set("User-Agent", fmt.Sprintf("skopeo/%s", version.Version)) if requestBody != nil { req.Header.Set("Content-Type", "application/json") } logrus.Debugf("%s %s", method, url) res, err := c.httpClient.Do(req) if err != nil { return nil, err } defer res.Body.Close() body, err := ioutil.ReadAll(res.Body) if err != nil { return nil, err } logrus.Debugf("Got body: %s", body) // FIXME: Just throwing this useful information away only to try to guess later... logrus.Debugf("Got content-type: %s", res.Header.Get("Content-Type")) var status status statusValid := false if err := json.Unmarshal(body, &status); err == nil && len(status.Status) > 0 { statusValid = true } switch { case res.StatusCode == http.StatusSwitchingProtocols: // FIXME?! No idea why this weird case exists in k8s.io/kubernetes/pkg/client/restclient. if statusValid && status.Status != "Success" { return nil, errors.New(status.Message) } case res.StatusCode >= http.StatusOK && res.StatusCode <= http.StatusPartialContent: // OK. default: if statusValid { return nil, errors.New(status.Message) } return nil, errors.Errorf("HTTP error: status code: %d, body: %s", res.StatusCode, string(body)) } return body, nil }
// EncryptECPrivateKey receives a PEM encoded private key and returns an encrypted // AES256 version using a passphrase // TODO: Make this method generic to handle RSA keys func EncryptECPrivateKey(key []byte, passphraseStr string) ([]byte, error) { passphrase := []byte(passphraseStr) cipherType := x509.PEMCipherAES256 keyBlock, _ := pem.Decode(key) if keyBlock == nil { // This RootCA does not have a valid signer. return nil, errors.New("error while decoding PEM key") } encryptedPEMBlock, err := x509.EncryptPEMBlock(rand.Reader, "EC PRIVATE KEY", keyBlock.Bytes, passphrase, cipherType) if err != nil { return nil, err } if encryptedPEMBlock.Headers == nil { return nil, errors.New("unable to encrypt key - invalid PEM file produced") } return pem.EncodeToMemory(encryptedPEMBlock), nil }
func (ua updateAction) Validate() error { if ua.section == "" { return errors.New("must provide section name") } if !validSectionOrElement.MatchString(ua.section) { return fmt.Errorf("invalid section name %q", ua.section) } if ua.element != "" && !validSectionOrElement.MatchString(ua.element) { return fmt.Errorf("invalid element name %q", ua.element) } sEmpty := len(ua.Set) == 0 dEmpty := len(ua.Delete) == 0 aEmpty := len(ua.Add) == 0 rEmpty := len(ua.Remove) == 0 if (!sEmpty || !dEmpty) && !(aEmpty && rEmpty) { return errors.New("cannot provide both set/delete and add/remove actions in the same update") } if !aEmpty && ua.element != "" { return errors.New("must not provide an element name when adding an a new override") } if !rEmpty && ua.element != "" { return errors.New("must not provide element when removing an override") } if rEmpty && aEmpty && !ua.hasElement { return errors.New("element not specified, are you missing a trailing '/'?") } return nil }
func (rancherClient *RancherBaseClientImpl) doCreate(schemaType string, createObj interface{}, respObject interface{}) error { if createObj == nil { createObj = map[string]string{} } if respObject == nil { respObject = &map[string]interface{}{} } schema, ok := rancherClient.Types[schemaType] if !ok { return errors.New("Unknown schema type [" + schemaType + "]") } if !contains(schema.CollectionMethods, "POST") { return errors.New("Resource type [" + schemaType + "] is not creatable") } var collectionUrl string collectionUrl, ok = schema.Links[COLLECTION] if !ok { // return errors.New("Failed to find collection URL for [" + schemaType + "]") // This is a hack to address https://github.com/rancher/cattle/issues/254 re := regexp.MustCompile("schemas.*") collectionUrl = re.ReplaceAllString(schema.Links[SELF], schema.PluralName) } return rancherClient.doModify("POST", collectionUrl, createObj, respObject) }
func (mgm tokenManager) Extract(tokenString string) (*account.Identity, error) { token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) { return mgm.publicKey, nil }) if err != nil { return nil, errors.WithStack(err) } if !token.Valid { return nil, errors.New("Token not valid") } claimedUUID := token.Claims.(jwt.MapClaims)["sub"] if claimedUUID == nil { return nil, errors.New("Subject can not be nil") } // in case of nil UUID, below type casting will fail hence we need above check id, err := uuid.FromString(token.Claims.(jwt.MapClaims)["sub"].(string)) if err != nil { return nil, errors.WithStack(err) } ident := account.Identity{ ID: id, Username: token.Claims.(jwt.MapClaims)["preferred_username"].(string), } return &ident, nil }
// UserAuthPasswordHook builds an authentication hook based on the security // mode, password, and its potentially matching hash. func UserAuthPasswordHook(insecureMode bool, password string, hashedPassword []byte) UserAuthHook { return func(requestedUser string, clientConnection bool) error { if len(requestedUser) == 0 { return errors.New("user is missing") } if !clientConnection { return errors.New("password authentication is only available for client connections") } if insecureMode { return nil } if requestedUser == RootUser { return errors.Errorf("user %s must authenticate using a client certificate ", RootUser) } // If the requested user has an empty password, disallow authentication. if len(password) == 0 || compareHashAndPassword(hashedPassword, password) != nil { return errors.New("invalid password") } return nil } }
func (d NetworkDriver) CreateNetwork(request *network.CreateNetworkRequest) error { logutils.JSONMessage("CreateNetwork", request) genericOpts, ok := request.Options["com.docker.network.generic"] if ok { opts, ok := genericOpts.(map[string]interface{}) if ok && len(opts) != 0 { err := errors.New("Arbitrary options are not supported") log.Println(err) return err } } for _, ipData := range request.IPv4Data { // Older version of Docker have a bug where they don't provide the correct AddressSpace // so we can't check for calico IPAM using our known address space. // Also the pool might not have a fixed values if --subnet was passed // So the only safe thing is to check for our special gateway value if ipData.Gateway != "0.0.0.0/0" { err := errors.New("Non-Calico IPAM driver is used") log.Errorln(err) return err } } logutils.JSONMessage("CreateNetwork response", map[string]string{}) return nil }
func (s *Service) Alert(routingKey, messageType, message, entityID string, t time.Time, details interface{}) error { url, post, err := s.preparePost(routingKey, messageType, message, entityID, t, details) if err != nil { return err } resp, err := http.Post(url, "application/json", post) if err != nil { return err } defer resp.Body.Close() if resp.StatusCode != http.StatusOK { if resp.StatusCode == http.StatusNotFound { return errors.New("URL or API key not found: 404") } body, err := ioutil.ReadAll(resp.Body) if err != nil { return err } type response struct { Message string `json:"message"` } r := &response{Message: fmt.Sprintf("failed to understand VictorOps response. code: %d content: %s", resp.StatusCode, string(body))} b := bytes.NewReader(body) dec := json.NewDecoder(b) dec.Decode(r) return errors.New(r.Message) } return nil }
func parsePortConfig(portConfig string) (string, api.PortConfig_Protocol, uint32, uint32, error) { protocol := api.ProtocolTCP parts := strings.Split(portConfig, ":") if len(parts) < 2 { return "", protocol, 0, 0, errors.New("insufficient parameters in port configuration") } name := parts[0] portSpec := parts[1] protocol, port, err := parsePortSpec(portSpec) if err != nil { return "", protocol, 0, 0, errors.Wrap(err, "failed to parse port") } if len(parts) > 2 { var err error portSpec := parts[2] nodeProtocol, swarmPort, err := parsePortSpec(portSpec) if err != nil { return "", protocol, 0, 0, errors.Wrap(err, "failed to parse node port") } if nodeProtocol != protocol { return "", protocol, 0, 0, errors.New("protocol mismatch") } return name, protocol, port, swarmPort, nil } return name, protocol, port, 0, nil }