From 239b5362ae3cc40d51747e41fb2f2f241eaf341d Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Tue, 14 Mar 2023 07:45:27 +0200 Subject: [PATCH] feat: Propagate kubernetes root certificate to che components (#1637) * feat: Propagate kubernetes root certificate to che components 
Signed-off-by: Anatolii Bazko --- go.mod | 1 - go.sum | 2 - pkg/common/k8s-helper/k8s_helper.go | 38 - .../dashboard/dashboard_deployment_test.go | 16 + pkg/deploy/dashboard/deployment_dashboard.go | 16 + pkg/deploy/tls/certificates.go | 67 +- pkg/deploy/tls/tls_secret.go | 4 +- pkg/deploy/tls/tls_utils.go | 190 ++-- .../moby/spdystream/CONTRIBUTING.md | 13 - vendor/github.com/moby/spdystream/LICENSE | 202 ---- vendor/github.com/moby/spdystream/MAINTAINERS | 40 - vendor/github.com/moby/spdystream/NOTICE | 5 - vendor/github.com/moby/spdystream/README.md | 77 -- .../github.com/moby/spdystream/connection.go | 972 ------------------ vendor/github.com/moby/spdystream/handlers.go | 52 - vendor/github.com/moby/spdystream/priority.go | 114 -- .../moby/spdystream/spdy/dictionary.go | 203 ---- .../github.com/moby/spdystream/spdy/read.go | 364 ------- .../github.com/moby/spdystream/spdy/types.go | 291 ------ .../github.com/moby/spdystream/spdy/write.go | 334 ------ vendor/github.com/moby/spdystream/stream.go | 343 ------ vendor/github.com/moby/spdystream/utils.go | 32 - .../apimachinery/pkg/util/httpstream/doc.go | 19 - .../pkg/util/httpstream/httpstream.go | 157 --- .../pkg/util/httpstream/spdy/connection.go | 187 ---- .../pkg/util/httpstream/spdy/roundtripper.go | 369 ------- .../pkg/util/httpstream/spdy/upgrade.go | 120 --- .../pkg/util/remotecommand/constants.go | 53 - .../third_party/forked/golang/netutil/addr.go | 27 - .../client-go/tools/remotecommand/doc.go | 20 - .../tools/remotecommand/errorstream.go | 55 - .../client-go/tools/remotecommand/reader.go | 41 - .../tools/remotecommand/remotecommand.go | 142 --- .../client-go/tools/remotecommand/resize.go | 33 - .../client-go/tools/remotecommand/v1.go | 160 --- .../client-go/tools/remotecommand/v2.go | 200 ---- .../client-go/tools/remotecommand/v3.go | 111 -- .../client-go/tools/remotecommand/v4.go | 119 --- .../k8s.io/client-go/transport/spdy/spdy.go | 105 -- vendor/k8s.io/client-go/util/exec/exec.go | 52 - 
vendor/modules.txt | 11 - 41 files changed, 182 insertions(+), 5175 deletions(-) delete mode 100644 vendor/github.com/moby/spdystream/CONTRIBUTING.md delete mode 100644 vendor/github.com/moby/spdystream/LICENSE delete mode 100644 vendor/github.com/moby/spdystream/MAINTAINERS delete mode 100644 vendor/github.com/moby/spdystream/NOTICE delete mode 100644 vendor/github.com/moby/spdystream/README.md delete mode 100644 vendor/github.com/moby/spdystream/connection.go delete mode 100644 vendor/github.com/moby/spdystream/handlers.go delete mode 100644 vendor/github.com/moby/spdystream/priority.go delete mode 100644 vendor/github.com/moby/spdystream/spdy/dictionary.go delete mode 100644 vendor/github.com/moby/spdystream/spdy/read.go delete mode 100644 vendor/github.com/moby/spdystream/spdy/types.go delete mode 100644 vendor/github.com/moby/spdystream/spdy/write.go delete mode 100644 vendor/github.com/moby/spdystream/stream.go delete mode 100644 vendor/github.com/moby/spdystream/utils.go delete mode 100644 vendor/k8s.io/apimachinery/pkg/util/httpstream/doc.go delete mode 100644 vendor/k8s.io/apimachinery/pkg/util/httpstream/httpstream.go delete mode 100644 vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/connection.go delete mode 100644 vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go delete mode 100644 vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/upgrade.go delete mode 100644 vendor/k8s.io/apimachinery/pkg/util/remotecommand/constants.go delete mode 100644 vendor/k8s.io/apimachinery/third_party/forked/golang/netutil/addr.go delete mode 100644 vendor/k8s.io/client-go/tools/remotecommand/doc.go delete mode 100644 vendor/k8s.io/client-go/tools/remotecommand/errorstream.go delete mode 100644 vendor/k8s.io/client-go/tools/remotecommand/reader.go delete mode 100644 vendor/k8s.io/client-go/tools/remotecommand/remotecommand.go delete mode 100644 vendor/k8s.io/client-go/tools/remotecommand/resize.go delete mode 100644 
vendor/k8s.io/client-go/tools/remotecommand/v1.go delete mode 100644 vendor/k8s.io/client-go/tools/remotecommand/v2.go delete mode 100644 vendor/k8s.io/client-go/tools/remotecommand/v3.go delete mode 100644 vendor/k8s.io/client-go/tools/remotecommand/v4.go delete mode 100644 vendor/k8s.io/client-go/transport/spdy/spdy.go delete mode 100644 vendor/k8s.io/client-go/util/exec/exec.go diff --git a/go.mod b/go.mod index 2bce86f78..e9086c151 100644 --- a/go.mod +++ b/go.mod @@ -56,7 +56,6 @@ require ( github.com/json-iterator/go v1.1.11 // indirect github.com/konsorten/go-windows-terminal-sequences v1.0.2 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect - github.com/moby/spdystream v0.2.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.1 // indirect github.com/onsi/gomega v1.17.0 // indirect diff --git a/go.sum b/go.sum index 049c778c0..12c1eb746 100644 --- a/go.sum +++ b/go.sum @@ -134,7 +134,6 @@ github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7/go.mod h1:cyGadeNE github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/edsrzf/mmap-go v0.0.0-20181215214921-188cc3b666ba/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= -github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20200129102538-a2fa14558f9a/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/envoyproxy/go-control-plane v0.0.0-20200213201256-ba8e577f987f/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= 
@@ -326,7 +325,6 @@ github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/moby/moby v0.7.3-0.20190826074503-38ab9da00309 h1:cvy4lBOYN3gKfKj8Lzz5Q9TfviP+L7koMHY7SvkyTKs= github.com/moby/moby v0.7.3-0.20190826074503-38ab9da00309/go.mod h1:fDXVQ6+S340veQPv35CzDahGBmHsiclFwfEygB/TWMc= -github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= github.com/moby/term v0.0.0-20201216013528-df9cb8a40635/go.mod h1:FBS0z0QWA44HXygs7VXDUOGoN/1TV3RuWkLO04am3wc= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= diff --git a/pkg/common/k8s-helper/k8s_helper.go b/pkg/common/k8s-helper/k8s_helper.go index ce4a30d8c..2e5ede453 100644 --- a/pkg/common/k8s-helper/k8s_helper.go +++ b/pkg/common/k8s-helper/k8s_helper.go @@ -12,13 +12,9 @@ package k8shelper import ( - "bytes" "context" - "fmt" - "io" "os" - corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" @@ -29,8 +25,6 @@ import ( "github.com/sirupsen/logrus" "k8s.io/client-go/kubernetes" - "k8s.io/client-go/kubernetes/scheme" - "k8s.io/client-go/tools/remotecommand" "sigs.k8s.io/controller-runtime/pkg/client/config" ) 
@@ -77,38 +71,6 @@ func (cl *K8sHelper) GetPodsByComponent(name string, ns string) []string { return names } -func (cl *K8sHelper) RunExec(command []string, podName, namespace string, stdin io.Reader) (string, string, error) { - req := cl.clientset.CoreV1().RESTClient().Post(). - Resource("pods"). - Name(podName). - Namespace(namespace). - SubResource("exec") - - req.VersionedParams(&corev1.PodExecOptions{ - Command: command, - Stdin: stdin != nil, - Stdout: true, - Stderr: true, - TTY: false, - }, scheme.ParameterCodec) - - cfg, _ := config.GetConfig() - exec, err := remotecommand.NewSPDYExecutor(cfg, "POST", req.URL()) - if err != nil { - return "", "", fmt.Errorf("error while creating executor: %v", err) - } - - var stdout, stderr bytes.Buffer - err = exec.Stream(remotecommand.StreamOptions{ - Stdin: stdin, - Stdout: &stdout, - Stderr: &stderr, - Tty: false, - }) - - return stdout.String(), stderr.String(), err -} - func initializeForTesting() *K8sHelper { k8sHelper = &K8sHelper{ clientset: fake.NewSimpleClientset(), diff --git a/pkg/deploy/dashboard/dashboard_deployment_test.go b/pkg/deploy/dashboard/dashboard_deployment_test.go index 6c3dc20d4..e14938d7e 100644 --- a/pkg/deploy/dashboard/dashboard_deployment_test.go +++ b/pkg/deploy/dashboard/dashboard_deployment_test.go @@ -169,6 +169,14 @@ func TestDashboardDeploymentEnvVars(t *testing.T) { Name: "CHE_INTERNAL_URL", Value: "http://che-host.eclipse-che.svc:8080/api", }, + { + Name: "CHE_WORKSPACE_DEVFILE__REGISTRY__INTERNAL__URL", + Value: "http://devfile-registry.eclipse-che.svc:8080", + }, + { + Name: "CHE_WORKSPACE_PLUGIN__REGISTRY__INTERNAL__URL", + Value: "http://plugin-registry.eclipse-che.svc:8080/v3", + }, { Name: "OPENSHIFT_CONSOLE_URL", }, 
@@ -217,6 +225,14 @@ func TestDashboardDeploymentEnvVars(t *testing.T) { Name: "CHE_INTERNAL_URL", Value: "http://che-host.eclipse-che.svc:8080/api", }, + { + Name: "CHE_WORKSPACE_DEVFILE__REGISTRY__INTERNAL__URL", + Value: "http://devfile-registry.eclipse-che.svc:8080", + }, + { + Name: "CHE_WORKSPACE_PLUGIN__REGISTRY__INTERNAL__URL", + Value: "http://plugin-registry.eclipse-che.svc:8080/v3", + }, { Name: "OPENSHIFT_CONSOLE_URL", Value: "https://console-openshift-console.apps.my-host/", diff --git a/pkg/deploy/dashboard/deployment_dashboard.go b/pkg/deploy/dashboard/deployment_dashboard.go index 3f56f34c2..1c1faab18 100644 --- a/pkg/deploy/dashboard/deployment_dashboard.go +++ b/pkg/deploy/dashboard/deployment_dashboard.go @@ -75,6 +75,22 @@ func (d *DashboardReconciler) getDashboardDeploymentSpec(ctx *chetypes.DeployCon Value: fmt.Sprintf("http://%s.%s.svc:8080/api", deploy.CheServiceName, ctx.CheCluster.Namespace)}, ) + if !ctx.CheCluster.Spec.Components.DevfileRegistry.DisableInternalRegistry { + envVars = append(envVars, + corev1.EnvVar{ + Name: "CHE_WORKSPACE_DEVFILE__REGISTRY__INTERNAL__URL", + Value: fmt.Sprintf("http://%s.%s.svc:8080", constants.DevfileRegistryName, ctx.CheCluster.Namespace)}, + ) + } + + if !ctx.CheCluster.Spec.Components.PluginRegistry.DisableInternalRegistry { + envVars = append(envVars, + corev1.EnvVar{ + Name: "CHE_WORKSPACE_PLUGIN__REGISTRY__INTERNAL__URL", + Value: fmt.Sprintf("http://%s.%s.svc:8080/v3", constants.PluginRegistryName, ctx.CheCluster.Namespace)}, + ) + } + if utils.IsK8SResourceServed(ctx.ClusterAPI.DiscoveryClient, ConsoleLinksResourceName) { envVars = append(envVars, corev1.EnvVar{ diff --git a/pkg/deploy/tls/certificates.go b/pkg/deploy/tls/certificates.go index 65826eb14..3364bdfb5 100644 --- a/pkg/deploy/tls/certificates.go +++ b/pkg/deploy/tls/certificates.go 
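Review bot: Both registry URLs added to getDashboardDeploymentSpec use a fixed `http://` scheme and port 8080, so the dashboard reads devfile and plugin metadata over plaintext inside the cluster. This matches the existing `CHE_INTERNAL_URL` entry above, but a short comment would record that it is deliberate, for example `// In-cluster service URL, served over plain HTTP like CHE_INTERNAL_URL above.` The test hunks in dashboard_deployment_test.go only add the expected values for the enabled case; a case with `DisableInternalRegistry` set to true that asserts the variable is absent would cover the two new `if` branches. The function body starts and ends outside the hunk.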
@@ -17,6 +17,10 @@ import ( "reflect" "strings" + k8shelper "github.com/eclipse-che/che-operator/pkg/common/k8s-helper" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/json" + "github.com/eclipse-che/che-operator/pkg/common/chetypes" "github.com/eclipse-che/che-operator/pkg/common/constants" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" @@ -37,10 +41,12 @@ const ( // CheMergedCAConfigMapRevisionsAnnotationKey is annotation name which holds versions of included config maps in format: cm-name1=ver1,cm-name2=ver2 CheMergedCAConfigMapRevisionsAnnotationKey = "che.eclipse.org/included-configmaps" + KubernetesRootCertificateConfigMapName = "kube-root-ca.crt" + // Local constants - // labelEqualSign consyant is used as a replacement for '=' symbol in labels because '=' is not allowed there + // labelEqualSign constant is used as a replacement for '=' symbol in labels because '=' is not allowed there labelEqualSign = "-" - // labelCommaSign consyant is used as a replacement for ',' symbol in labels because ',' is not allowed there + // labelCommaSign constant is used as a replacement for ',' symbol in labels because ',' is not allowed there labelCommaSign = "." ) 
@@ -54,14 +60,20 @@ func NewCertificatesReconciler() *CertificatesReconciler { func (c *CertificatesReconciler) Reconcile(ctx *chetypes.DeployContext) (reconcile.Result, bool, error) { if ctx.Proxy.TrustedCAMapName != "" { - done, err := c.syncTrustStoreConfigMapToCluster(ctx) - if !done { - return reconcile.Result{}, done, err + if done, err := c.syncTrustStoreConfigMapToCluster(ctx); !done { + return reconcile.Result{}, false, err } } - done, err := c.syncAdditionalCACertsConfigMapToCluster(ctx) - return reconcile.Result{}, done, err + if done, err := c.syncKubernetesRootCertificates(ctx); !done { + return reconcile.Result{}, false, err + } + + if done, err := c.syncAdditionalCACertsConfigMapToCluster(ctx); !done { + return reconcile.Result{}, false, err + } + + return reconcile.Result{}, true, nil } func (c *CertificatesReconciler) Finalize(ctx *chetypes.DeployContext) bool { 
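Review bot: In Reconcile the new syncKubernetesRootCertificates step runs right before syncAdditionalCACertsConfigMapToCluster, but the two steps use different clients: the labels are written through a separate clientset, while the merge step lists source config maps through `ctx.ClusterAPI.Client` (visible in the next hunk). If that client is cache-backed, as the comment on the new function implies, the merged CA bundle may not contain `kube-root-ca.crt` until a later reconcile, and nothing in this hunk requeues for it. A comment stating the ordering assumption would help, for example `// Labels kube-root-ca.crt so the merge step below picks it up, possibly only on the next reconcile once the cache sees the label.`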
@@ -105,6 +117,44 @@ func (c *CertificatesReconciler) syncTrustStoreConfigMapToCluster(ctx *chetypes. return true, nil } +// syncAdditionalCACertsConfigMapToCluster adds labels to ConfigMap `kube-root-ca.crt` to propagate +// Kubernetes root certificates to Che components. It is needed to use NonCachingClient because the map +// initially is not in the cache. +func (c *CertificatesReconciler) syncKubernetesRootCertificates(ctx *chetypes.DeployContext) (bool, error) { + certs := &corev1.ConfigMap{} + if err := ctx.ClusterAPI.NonCachingClient.Get( + context.TODO(), + types.NamespacedName{ + Name: KubernetesRootCertificateConfigMapName, + Namespace: ctx.CheCluster.Namespace, + }, + certs); err != nil { + if errors.IsNotFound(err) { + return true, nil + } else { + return false, err + } + } + + patchData, _ := json.Marshal(corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{ + constants.KubernetesPartOfLabelKey: constants.CheEclipseOrg, + constants.KubernetesComponentLabelKey: CheCACertsConfigMapLabelValue, + }, + }, + }) + + _, err := k8shelper.New().GetClientset().CoreV1().ConfigMaps(ctx.CheCluster.Namespace).Patch( + context.TODO(), + KubernetesRootCertificateConfigMapName, + types.MergePatchType, + patchData, + metav1.PatchOptions{}, + ) + return err == nil, err +} + func (c *CertificatesReconciler) syncAdditionalCACertsConfigMapToCluster(ctx *chetypes.DeployContext) (bool, error) { // Get all source config maps, if any caConfigMaps, err := GetCACertsConfigMaps(ctx.ClusterAPI.Client, ctx.CheCluster.GetNamespace()) 
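Review bot: The doc comment on the new function opens with `syncAdditionalCACertsConfigMapToCluster`, the name of the function that follows, instead of `syncKubernetesRootCertificates`. In the body, `patchData, _ := json.Marshal(...)` discards the marshal error, and the merge patch is sent on every reconcile even when `certs` already carries both labels, so the fetched object serves only as an existence check. Because these labels make the ConfigMap a source for the CA bundle that Che components trust, the comment should also say that the labels are left in place afterwards, unless Finalize (not visible here) removes them. The fence shows the label check and the error handling.

```go
// syncKubernetesRootCertificates adds labels to ConfigMap `kube-root-ca.crt` to propagate
// Kubernetes root certificates to Che components.
func (c *CertificatesReconciler) syncKubernetesRootCertificates(ctx *chetypes.DeployContext) (bool, error) {
	// … unchanged: NonCachingClient.Get of kube-root-ca.crt, NotFound returns (true, nil) …

	// Skip the API write when both labels are already in place.
	if certs.Labels[constants.KubernetesPartOfLabelKey] == constants.CheEclipseOrg &&
		certs.Labels[constants.KubernetesComponentLabelKey] == CheCACertsConfigMapLabelValue {
		return true, nil
	}

	patchData, err := json.Marshal(corev1.ConfigMap{
		// … unchanged: ObjectMeta with the two labels …
	})
	if err != nil {
		return false, err
	}

	_, err = k8shelper.New().GetClientset().CoreV1().ConfigMaps(ctx.CheCluster.Namespace).Patch(
		// … unchanged: Patch arguments …
	)
	return err == nil, err
}
```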
@@ -182,6 +232,5 @@ func (c *CertificatesReconciler) syncAdditionalCACertsConfigMapToCluster(ctx *ch mergedCAConfigMapSpec := deploy.GetConfigMapSpec(ctx, CheAllCACertsConfigMapName, data, defaults.GetCheFlavor()) mergedCAConfigMapSpec.ObjectMeta.Labels[constants.KubernetesPartOfLabelKey] = constants.CheEclipseOrg mergedCAConfigMapSpec.ObjectMeta.Annotations[CheMergedCAConfigMapRevisionsAnnotationKey] = revisions - done, err := deploy.SyncConfigMapSpecToCluster(ctx, mergedCAConfigMapSpec) - return done, err + return deploy.SyncConfigMapSpecToCluster(ctx, mergedCAConfigMapSpec) } diff --git a/pkg/deploy/tls/tls_secret.go b/pkg/deploy/tls/tls_secret.go index ed3db26a3..b5495a890 100644 --- a/pkg/deploy/tls/tls_secret.go +++ b/pkg/deploy/tls/tls_secret.go @@ -32,7 +32,7 @@ func (t *TlsSecretReconciler) Reconcile(ctx *chetypes.DeployContext) (reconcile. if infrastructure.IsOpenShift() { // create a secret with router tls cert when on OpenShift infra and router is configured with a self signed certificate if ctx.IsSelfSignedCertificate { - if err := CreateTLSSecretFromEndpoint(ctx, "", constants.DefaultSelfSignedCertificateSecretName); err != nil { + if err := CreateTLSSecret(ctx, constants.DefaultSelfSignedCertificateSecretName); err != nil { return reconcile.Result{}, false, err } } @@ -46,7 +46,7 @@ func (t *TlsSecretReconciler) Reconcile(ctx *chetypes.DeployContext) (reconcile. } } else if ctx.IsSelfSignedCertificate { // Use default self-signed ingress certificate - if err := CreateTLSSecretFromEndpoint(ctx, "", constants.DefaultSelfSignedCertificateSecretName); err != nil { + if err := CreateTLSSecret(ctx, constants.DefaultSelfSignedCertificateSecretName); err != nil { return reconcile.Result{}, false, err } } diff --git a/pkg/deploy/tls/tls_utils.go b/pkg/deploy/tls/tls_utils.go index 52a5af92e..910ebd2b9 100644 --- a/pkg/deploy/tls/tls_utils.go +++ b/pkg/deploy/tls/tls_utils.go 
@@ -106,7 +106,7 @@ func IsSelfSignedCertificateUsed(ctx *chetypes.DeployContext) (bool, error) { // Retrieve the info about certificate chain from test ingress below. // Get route/ingress TLS certificates chain - peerCertificates, err := GetEndpointTLSCrtChain(ctx, "") + peerCertificates, err := GetTLSCrtChain(ctx) if err != nil { return false, err } 
@@ -122,107 +122,101 @@ func IsSelfSignedCertificateUsed(ctx *chetypes.DeployContext) (bool, error) { return false, nil } -// GetEndpointTLSCrtChain retrieves TLS certificates chain from given endpoint. -// If endpoint is not specified, then a test route/ingress will be created and used to get router certificates. -func GetEndpointTLSCrtChain(ctx *chetypes.DeployContext, endpointURL string) ([]*x509.Certificate, error) { +// GetTLSCrtChain retrieves TLS certificates chain from a test route/ingress. +func GetTLSCrtChain(ctx *chetypes.DeployContext) ([]*x509.Certificate, error) { if test.IsTestMode() { return nil, stderrors.New("Not allowed for tests") } - var useTestEndpoint bool = len(endpointURL) < 1 var requestURL string - if useTestEndpoint { - if infrastructure.IsOpenShift() { - // Create test route to get certificates chain. - // Note, it is not possible to use SyncRouteToCluster here as it may cause infinite reconcile loop. - routeSpec, err := deploy.GetRouteSpec( - ctx, - "test", - "", - "test", - 8080, - defaults.GetCheFlavor()) - if err != nil { + if infrastructure.IsOpenShift() { + // Create test route to get certificates chain. + // Note, it is not possible to use SyncRouteToCluster here as it may cause infinite reconcile loop. 
+ routeSpec, err := deploy.GetRouteSpec( + ctx, + "test", + "", + "test", + 8080, + defaults.GetCheFlavor()) + if err != nil { + return nil, err + } + // Remove controller reference to prevent queueing new reconcile loop + routeSpec.SetOwnerReferences(nil) + // Create route manually + if err := ctx.ClusterAPI.Client.Create(context.TODO(), routeSpec); err != nil { + if !errors.IsAlreadyExists(err) { + logrus.Errorf("Failed to create test route 'test': %s", err) return nil, err } - // Remove controller reference to prevent queueing new reconcile loop - routeSpec.SetOwnerReferences(nil) - // Create route manually - if err := ctx.ClusterAPI.Client.Create(context.TODO(), routeSpec); err != nil { - if !errors.IsAlreadyExists(err) { - logrus.Errorf("Failed to create test route 'test': %s", err) - return nil, err - } - } - - // Schedule test route cleanup after the job done. - defer func() { - if err := ctx.ClusterAPI.Client.Delete(context.TODO(), routeSpec); err != nil { - logrus.Errorf("Failed to delete test route %s: %s", routeSpec.Name, err) - } - }() - - // Wait till the route is ready - route := &routev1.Route{} - for { - time.Sleep(time.Duration(1) * time.Second) - exists, err := deploy.GetNamespacedObject(ctx, routeSpec.Name, route) - if err != nil { - return nil, err - } else if exists { - break - } - } - - requestURL = "https://" + route.Spec.Host - } else { - // Kubernetes - - // Create test ingress to get certificates chain. - // Note, it is not possible to use SyncIngressToCluster here as it may cause infinite reconcile loop. - _, ingressSpec := deploy.GetIngressSpec( - ctx, - "test", - "", - "test", - 8080, - defaults.GetCheFlavor()) - // Create ingress manually - if err := ctx.ClusterAPI.Client.Create(context.TODO(), ingressSpec); err != nil { - if !errors.IsAlreadyExists(err) { - logrus.Errorf("Failed to create test ingress 'test': %s", err) - return nil, err - } - } - - // Schedule test ingress cleanup after the job done. 
- defer func() { - if err := ctx.ClusterAPI.Client.Delete(context.TODO(), ingressSpec); err != nil { - logrus.Errorf("Failed to delete test ingress %s: %s", ingressSpec.Name, err) - } - }() - - // Wait till the ingress is ready - ingress := &networking.Ingress{} - for { - time.Sleep(time.Duration(1) * time.Second) - exists, err := deploy.GetNamespacedObject(ctx, ingressSpec.Name, ingress) - if err != nil { - return nil, err - } else if exists { - break - } - } - - requestURL = "https://" + ingress.Spec.Rules[0].Host } + + // Schedule test route cleanup after the job done. + defer func() { + if err := ctx.ClusterAPI.Client.Delete(context.TODO(), routeSpec); err != nil { + logrus.Errorf("Failed to delete test route %s: %s", routeSpec.Name, err) + } + }() + + // Wait till the route is ready + route := &routev1.Route{} + for { + time.Sleep(time.Duration(1) * time.Second) + exists, err := deploy.GetNamespacedObject(ctx, routeSpec.Name, route) + if err != nil { + return nil, err + } else if exists { + break + } + } + + requestURL = "https://" + route.Spec.Host } else { - requestURL = endpointURL + // Kubernetes + + // Create test ingress to get certificates chain. + // Note, it is not possible to use SyncIngressToCluster here as it may cause infinite reconcile loop. + _, ingressSpec := deploy.GetIngressSpec( + ctx, + "test", + "", + "test", + 8080, + defaults.GetCheFlavor()) + // Create ingress manually + if err := ctx.ClusterAPI.Client.Create(context.TODO(), ingressSpec); err != nil { + if !errors.IsAlreadyExists(err) { + logrus.Errorf("Failed to create test ingress 'test': %s", err) + return nil, err + } + } + + // Schedule test ingress cleanup after the job done. 
+ defer func() { + if err := ctx.ClusterAPI.Client.Delete(context.TODO(), ingressSpec); err != nil { + logrus.Errorf("Failed to delete test ingress %s: %s", ingressSpec.Name, err) + } + }() + + // Wait till the ingress is ready + ingress := &networking.Ingress{} + for { + time.Sleep(time.Duration(1) * time.Second) + exists, err := deploy.GetNamespacedObject(ctx, ingressSpec.Name, ingress) + if err != nil { + return nil, err + } else if exists { + break + } + } + + requestURL = "https://" + ingress.Spec.Rules[0].Host } - certificates, err := doRequestForTLSCrtChain(ctx, requestURL, useTestEndpoint) + certificates, err := doRequestForTLSCrtChain(ctx, requestURL, true) if err != nil { - if ctx.Proxy.HttpProxy != "" && useTestEndpoint { + if ctx.Proxy.HttpProxy != "" { // Fetching certificates from the test route without proxy failed. Probably non-proxy connections are blocked. // Retrying with proxy configuration, however it might cause retreiving of wrong certificate in case of TLS interception by proxy. logrus.Warn("Failed to get certificate chain of trust of the OpenShift Ingress bypassing the proxy") 
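Review bot: Both wait loops in GetTLSCrtChain (`for { time.Sleep(...) ... }` after creating the test route and the test ingress) have no upper bound, so a route or ingress that never shows up blocks the reconcile indefinitely. The commit re-indents these loops anyway, so a deadline could be added in the same change. On the Kubernetes branch, `ingress.Spec.Rules[0].Host` is indexed without checking `len(ingress.Spec.Rules)`, which panics if the fetched ingress has no rules. The function continues past the end of the hunk.

```go
	// Wait till the route is ready, giving up after a bounded time.
	route := &routev1.Route{}
	deadline := time.Now().Add(time.Minute) // constructed limit, pick a project value
	for {
		// … unchanged: sleep, GetNamespacedObject, break when exists …
		if time.Now().After(deadline) {
			return nil, stderrors.New("timed out waiting for test route")
		}
	}

	// … unchanged: Kubernetes branch up to the ingress wait loop (same deadline check) …
	if len(ingress.Spec.Rules) == 0 {
		return nil, stderrors.New("test ingress has no rules")
	}
	requestURL = "https://" + ingress.Spec.Rules[0].Host
```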
@@ -259,12 +253,9 @@ func doRequestForTLSCrtChain(ctx *chetypes.DeployContext, requestURL string, ski return resp.TLS.PeerCertificates, nil } -// GetEndpointTLSCrtBytes extracts certificate chain from given endpoint. -// Creates a test TLS route/ingress if endpoint url is empty. -// There's an easier way which is to read tls secret in default (3.11) or openshift-ingress (4.0) namespace -// which however requires extra privileges for operator service account -func GetEndpointTLSCrtBytes(ctx *chetypes.DeployContext, endpointURL string) (certificates []byte, err error) { - peerCertificates, err := GetEndpointTLSCrtChain(ctx, endpointURL) +// GetTLSCrtBytes extracts certificate chain of trust from the test route/ingress. +func GetTLSCrtBytes(ctx *chetypes.DeployContext) (certificates []byte, err error) { + peerCertificates, err := GetTLSCrtChain(ctx) if err != nil { if test.IsTestMode() { fakeCrt := make([]byte, 5) @@ -543,13 +534,12 @@ func GetAdditionalCACertsConfigMapVersion(ctx *chetypes.DeployContext) string { return "" } -// CreateTLSSecretFromEndpoint creates TLS secret with given name which contains certificates obtained from the given url. -// If the url is empty string, then cluster default certificate will be obtained. +// CreateTLSSecret creates TLS secret with given name. // Does nothing if secret with given name already exists. -func CreateTLSSecretFromEndpoint(ctx *chetypes.DeployContext, url string, name string) (err error) { +func CreateTLSSecret(ctx *chetypes.DeployContext, name string) (err error) { secret := &corev1.Secret{} if err := ctx.ClusterAPI.Client.Get(context.TODO(), types.NamespacedName{Name: name, Namespace: ctx.CheCluster.Namespace}, secret); err != nil && errors.IsNotFound(err) { - crtBytes, err := GetEndpointTLSCrtBytes(ctx, url) + crtBytes, err := GetTLSCrtBytes(ctx) if err != nil { logrus.Errorf("Failed to extract certificate for secret %s. Failed to create a secret with a self signed crt: %s", name, err) return err 
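Review bot: The rewritten doc comment on GetTLSCrtBytes drops the rationale the old one carried: reading the router's TLS secret directly would be simpler but needs extra privileges for the operator service account. That least-privilege reason explains why a throwaway test route/ingress is created at all, so it is worth keeping, for example on GetTLSCrtChain: `// Reading the router TLS secret directly would be simpler but requires extra privileges for the operator service account.` The CreateTLSSecret hunk further down has the same gap, since its new comment no longer says where the certificate comes from; `// CreateTLSSecret creates a TLS secret with the given name from the certificate chain of the test route/ingress.` would restore that. Both function bodies continue outside their hunks.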
diff --git a/vendor/github.com/moby/spdystream/CONTRIBUTING.md b/vendor/github.com/moby/spdystream/CONTRIBUTING.md deleted file mode 100644 index d4eddcc53..000000000 --- a/vendor/github.com/moby/spdystream/CONTRIBUTING.md +++ /dev/null @@ -1,13 +0,0 @@ -# Contributing to SpdyStream - -Want to hack on spdystream? Awesome! Here are instructions to get you -started. - -SpdyStream is a part of the [Docker](https://docker.io) project, and follows -the same rules and principles. If you're already familiar with the way -Docker does things, you'll feel right at home. - -Otherwise, go read -[Docker's contributions guidelines](https://github.com/dotcloud/docker/blob/master/CONTRIBUTING.md). - -Happy hacking! diff --git a/vendor/github.com/moby/spdystream/LICENSE b/vendor/github.com/moby/spdystream/LICENSE deleted file mode 100644 index d64569567..000000000 --- a/vendor/github.com/moby/spdystream/LICENSE +++ /dev/null 
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/vendor/github.com/moby/spdystream/MAINTAINERS b/vendor/github.com/moby/spdystream/MAINTAINERS deleted file mode 100644 index 26e5ec828..000000000 --- a/vendor/github.com/moby/spdystream/MAINTAINERS +++ /dev/null 
@@ -1,40 +0,0 @@
-# Spdystream maintainers file
-#
-# This file describes who runs the moby/spdystream project and how.
-# This is a living document - if you see something out of date or missing, speak up!
-#
-# It is structured to be consumable by both humans and programs.
-# To extract its contents programmatically, use any TOML-compliant parser.
-#
-# This file is compiled into the MAINTAINERS file in docker/opensource.
-#
-[Org]
- [Org."Core maintainers"]
- people = [
- "adisky",
- "dims",
- "dmcgowan",
- ]
-
-[people]
-
-# A reference list of all people associated with the project.
-# All other sections should refer to people by their canonical key
-# in the people section.
-
- # ADD YOURSELF HERE IN ALPHABETICAL ORDER
-
- [people.adisky]
- Name = "Aditi Sharma"
- Email = "adi.sky17@gmail.com"
- GitHub = "adisky"
-
- [people.dims]
- Name = "Davanum Srinivas"
- Email = "davanum@gmail.com"
- GitHub = "dims"
-
- [people.dmcgowan]
- Name = "Derek McGowan"
- Email = "derek@mcg.dev"
- GitHub = "dmcgowan"
diff --git a/vendor/github.com/moby/spdystream/NOTICE b/vendor/github.com/moby/spdystream/NOTICE
deleted file mode 100644
index b9b11c9ab..000000000
--- a/vendor/github.com/moby/spdystream/NOTICE
+++ /dev/null
@@ -1,5 +0,0 @@
-SpdyStream
-Copyright 2014-2021 Docker Inc.
-
-This product includes software developed at
-Docker Inc. (https://www.docker.com/).
diff --git a/vendor/github.com/moby/spdystream/README.md b/vendor/github.com/moby/spdystream/README.md
deleted file mode 100644
index b84e98343..000000000
--- a/vendor/github.com/moby/spdystream/README.md
+++ /dev/null
@@ -1,77 +0,0 @@
-# SpdyStream
-
-A multiplexed stream library using spdy
-
-## Usage
-
-Client example (connecting to mirroring server without auth)
-
-```go
-package main
-
-import (
- "fmt"
- "github.com/moby/spdystream"
- "net"
- "net/http"
-)
-
-func main() {
- conn, err := net.Dial("tcp", "localhost:8080")
- if err != nil {
- panic(err)
- }
- spdyConn, err := spdystream.NewConnection(conn, false)
- if err != nil {
- panic(err)
- }
- go spdyConn.Serve(spdystream.NoOpStreamHandler)
- stream, err := spdyConn.CreateStream(http.Header{}, nil, false)
- if err != nil {
- panic(err)
- }
-
- stream.Wait()
-
- fmt.Fprint(stream, "Writing to stream")
-
- buf := make([]byte, 25)
- stream.Read(buf)
- fmt.Println(string(buf))
-
- stream.Close()
-}
-```
-
-Server example (mirroring server without auth)
-
-```go
-package main
-
-import (
- "github.com/moby/spdystream"
- "net"
-)
-
-func main() {
- listener, err := net.Listen("tcp", "localhost:8080")
- if err != nil {
- panic(err)
- }
- for {
- conn, err := listener.Accept()
- if err != nil {
- panic(err)
- }
- spdyConn, err := spdystream.NewConnection(conn, true)
- if err != nil {
- panic(err)
- }
- go spdyConn.Serve(spdystream.MirrorStreamHandler)
- }
-}
-```
-
-## Copyright and license
-
-Copyright 2013-2021 Docker, inc. Released under the [Apache 2.0 license](LICENSE).
diff --git a/vendor/github.com/moby/spdystream/connection.go b/vendor/github.com/moby/spdystream/connection.go
deleted file mode 100644
index d906bb05c..000000000
--- a/vendor/github.com/moby/spdystream/connection.go
+++ /dev/null
@@ -1,972 +0,0 @@ -/* - Copyright 2014-2021 Docker Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package spdystream - -import ( - "errors" - "fmt" - "io" - "net" - "net/http" - "sync" - "time" - - "github.com/moby/spdystream/spdy" -) - -var ( - ErrInvalidStreamId = errors.New("Invalid stream id") - ErrTimeout = errors.New("Timeout occurred") - ErrReset = errors.New("Stream reset") - ErrWriteClosedStream = errors.New("Write on closed stream") -) - -const ( - FRAME_WORKERS = 5 - QUEUE_SIZE = 50 -) - -type StreamHandler func(stream *Stream) - -type AuthHandler func(header http.Header, slot uint8, parent uint32) bool - -type idleAwareFramer struct { - f *spdy.Framer - conn *Connection - writeLock sync.Mutex - resetChan chan struct{} - setTimeoutLock sync.Mutex - setTimeoutChan chan time.Duration - timeout time.Duration -} - -func newIdleAwareFramer(framer *spdy.Framer) *idleAwareFramer { - iaf := &idleAwareFramer{ - f: framer, - resetChan: make(chan struct{}, 2), - // setTimeoutChan needs to be buffered to avoid deadlocks when calling setIdleTimeout at about - // the same time the connection is being closed - setTimeoutChan: make(chan time.Duration, 1), - } - return iaf -} - -func (i *idleAwareFramer) monitor() { - var ( - timer *time.Timer - expired <-chan time.Time - resetChan = i.resetChan - setTimeoutChan = i.setTimeoutChan - ) -Loop: - for { - select { - case timeout := <-i.setTimeoutChan: - i.timeout = timeout - if timeout == 0 { - if timer != nil { - timer.Stop() 
- } - } else { - if timer == nil { - timer = time.NewTimer(timeout) - expired = timer.C - } else { - timer.Reset(timeout) - } - } - case <-resetChan: - if timer != nil && i.timeout > 0 { - timer.Reset(i.timeout) - } - case <-expired: - i.conn.streamCond.L.Lock() - streams := i.conn.streams - i.conn.streams = make(map[spdy.StreamId]*Stream) - i.conn.streamCond.Broadcast() - i.conn.streamCond.L.Unlock() - go func() { - for _, stream := range streams { - stream.resetStream() - } - i.conn.Close() - }() - case <-i.conn.closeChan: - if timer != nil { - timer.Stop() - } - - // Start a goroutine to drain resetChan. This is needed because we've seen - // some unit tests with large numbers of goroutines get into a situation - // where resetChan fills up, at least 1 call to Write() is still trying to - // send to resetChan, the connection gets closed, and this case statement - // attempts to grab the write lock that Write() already has, causing a - // deadlock. - // - // See https://github.com/moby/spdystream/issues/49 for more details. - go func() { - for range resetChan { - } - }() - - go func() { - for range setTimeoutChan { - } - }() - - i.writeLock.Lock() - close(resetChan) - i.resetChan = nil - i.writeLock.Unlock() - - i.setTimeoutLock.Lock() - close(i.setTimeoutChan) - i.setTimeoutChan = nil - i.setTimeoutLock.Unlock() - - break Loop - } - } - - // Drain resetChan - for range resetChan { - } -} - -func (i *idleAwareFramer) WriteFrame(frame spdy.Frame) error { - i.writeLock.Lock() - defer i.writeLock.Unlock() - if i.resetChan == nil { - return io.EOF - } - err := i.f.WriteFrame(frame) - if err != nil { - return err - } - - i.resetChan <- struct{}{} - - return nil -} - -func (i *idleAwareFramer) ReadFrame() (spdy.Frame, error) { - frame, err := i.f.ReadFrame() - if err != nil { - return nil, err - } - - // resetChan should never be closed since it is only closed - // when the connection has closed its closeChan. 
This closure - // only occurs after all Reads have finished - // TODO (dmcgowan): refactor relationship into connection - i.resetChan <- struct{}{} - - return frame, nil -} - -func (i *idleAwareFramer) setIdleTimeout(timeout time.Duration) { - i.setTimeoutLock.Lock() - defer i.setTimeoutLock.Unlock() - - if i.setTimeoutChan == nil { - return - } - - i.setTimeoutChan <- timeout -} - -type Connection struct { - conn net.Conn - framer *idleAwareFramer - - closeChan chan bool - goneAway bool - lastStreamChan chan<- *Stream - goAwayTimeout time.Duration - closeTimeout time.Duration - - streamLock *sync.RWMutex - streamCond *sync.Cond - streams map[spdy.StreamId]*Stream - - nextIdLock sync.Mutex - receiveIdLock sync.Mutex - nextStreamId spdy.StreamId - receivedStreamId spdy.StreamId - - pingIdLock sync.Mutex - pingId uint32 - pingChans map[uint32]chan error - - shutdownLock sync.Mutex - shutdownChan chan error - hasShutdown bool - - // for testing https://github.com/moby/spdystream/pull/56 - dataFrameHandler func(*spdy.DataFrame) error -} - -// NewConnection creates a new spdy connection from an existing -// network connection. 
-func NewConnection(conn net.Conn, server bool) (*Connection, error) { - framer, framerErr := spdy.NewFramer(conn, conn) - if framerErr != nil { - return nil, framerErr - } - idleAwareFramer := newIdleAwareFramer(framer) - var sid spdy.StreamId - var rid spdy.StreamId - var pid uint32 - if server { - sid = 2 - rid = 1 - pid = 2 - } else { - sid = 1 - rid = 2 - pid = 1 - } - - streamLock := new(sync.RWMutex) - streamCond := sync.NewCond(streamLock) - - session := &Connection{ - conn: conn, - framer: idleAwareFramer, - - closeChan: make(chan bool), - goAwayTimeout: time.Duration(0), - closeTimeout: time.Duration(0), - - streamLock: streamLock, - streamCond: streamCond, - streams: make(map[spdy.StreamId]*Stream), - nextStreamId: sid, - receivedStreamId: rid, - - pingId: pid, - pingChans: make(map[uint32]chan error), - - shutdownChan: make(chan error), - } - session.dataFrameHandler = session.handleDataFrame - idleAwareFramer.conn = session - go idleAwareFramer.monitor() - - return session, nil -} - -// Ping sends a ping frame across the connection and -// returns the response time -func (s *Connection) Ping() (time.Duration, error) { - pid := s.pingId - s.pingIdLock.Lock() - if s.pingId > 0x7ffffffe { - s.pingId = s.pingId - 0x7ffffffe - } else { - s.pingId = s.pingId + 2 - } - s.pingIdLock.Unlock() - pingChan := make(chan error) - s.pingChans[pid] = pingChan - defer delete(s.pingChans, pid) - - frame := &spdy.PingFrame{Id: pid} - startTime := time.Now() - writeErr := s.framer.WriteFrame(frame) - if writeErr != nil { - return time.Duration(0), writeErr - } - select { - case <-s.closeChan: - return time.Duration(0), errors.New("connection closed") - case err, ok := <-pingChan: - if ok && err != nil { - return time.Duration(0), err - } - break - } - return time.Since(startTime), nil -} - -// Serve handles frames sent from the server, including reply frames -// which are needed to fully initiate connections. 
Both clients and servers -// should call Serve in a separate goroutine before creating streams. -func (s *Connection) Serve(newHandler StreamHandler) { - // use a WaitGroup to wait for all frames to be drained after receiving - // go-away. - var wg sync.WaitGroup - - // Parition queues to ensure stream frames are handled - // by the same worker, ensuring order is maintained - frameQueues := make([]*PriorityFrameQueue, FRAME_WORKERS) - for i := 0; i < FRAME_WORKERS; i++ { - frameQueues[i] = NewPriorityFrameQueue(QUEUE_SIZE) - - // Ensure frame queue is drained when connection is closed - go func(frameQueue *PriorityFrameQueue) { - <-s.closeChan - frameQueue.Drain() - }(frameQueues[i]) - - wg.Add(1) - go func(frameQueue *PriorityFrameQueue) { - // let the WaitGroup know this worker is done - defer wg.Done() - - s.frameHandler(frameQueue, newHandler) - }(frameQueues[i]) - } - - var ( - partitionRoundRobin int - goAwayFrame *spdy.GoAwayFrame - ) -Loop: - for { - readFrame, err := s.framer.ReadFrame() - if err != nil { - if err != io.EOF { - debugMessage("frame read error: %s", err) - } else { - debugMessage("(%p) EOF received", s) - } - break - } - var priority uint8 - var partition int - switch frame := readFrame.(type) { - case *spdy.SynStreamFrame: - if s.checkStreamFrame(frame) { - priority = frame.Priority - partition = int(frame.StreamId % FRAME_WORKERS) - debugMessage("(%p) Add stream frame: %d ", s, frame.StreamId) - s.addStreamFrame(frame) - } else { - debugMessage("(%p) Rejected stream frame: %d ", s, frame.StreamId) - continue - } - case *spdy.SynReplyFrame: - priority = s.getStreamPriority(frame.StreamId) - partition = int(frame.StreamId % FRAME_WORKERS) - case *spdy.DataFrame: - priority = s.getStreamPriority(frame.StreamId) - partition = int(frame.StreamId % FRAME_WORKERS) - case *spdy.RstStreamFrame: - priority = s.getStreamPriority(frame.StreamId) - partition = int(frame.StreamId % FRAME_WORKERS) - case *spdy.HeadersFrame: - priority = 
s.getStreamPriority(frame.StreamId) - partition = int(frame.StreamId % FRAME_WORKERS) - case *spdy.PingFrame: - priority = 0 - partition = partitionRoundRobin - partitionRoundRobin = (partitionRoundRobin + 1) % FRAME_WORKERS - case *spdy.GoAwayFrame: - // hold on to the go away frame and exit the loop - goAwayFrame = frame - break Loop - default: - priority = 7 - partition = partitionRoundRobin - partitionRoundRobin = (partitionRoundRobin + 1) % FRAME_WORKERS - } - frameQueues[partition].Push(readFrame, priority) - } - close(s.closeChan) - - // wait for all frame handler workers to indicate they've drained their queues - // before handling the go away frame - wg.Wait() - - if goAwayFrame != nil { - s.handleGoAwayFrame(goAwayFrame) - } - - // now it's safe to close remote channels and empty s.streams - s.streamCond.L.Lock() - // notify streams that they're now closed, which will - // unblock any stream Read() calls - for _, stream := range s.streams { - stream.closeRemoteChannels() - } - s.streams = make(map[spdy.StreamId]*Stream) - s.streamCond.Broadcast() - s.streamCond.L.Unlock() -} - -func (s *Connection) frameHandler(frameQueue *PriorityFrameQueue, newHandler StreamHandler) { - for { - popFrame := frameQueue.Pop() - if popFrame == nil { - return - } - - var frameErr error - switch frame := popFrame.(type) { - case *spdy.SynStreamFrame: - frameErr = s.handleStreamFrame(frame, newHandler) - case *spdy.SynReplyFrame: - frameErr = s.handleReplyFrame(frame) - case *spdy.DataFrame: - frameErr = s.dataFrameHandler(frame) - case *spdy.RstStreamFrame: - frameErr = s.handleResetFrame(frame) - case *spdy.HeadersFrame: - frameErr = s.handleHeaderFrame(frame) - case *spdy.PingFrame: - frameErr = s.handlePingFrame(frame) - case *spdy.GoAwayFrame: - frameErr = s.handleGoAwayFrame(frame) - default: - frameErr = fmt.Errorf("unhandled frame type: %T", frame) - } - - if frameErr != nil { - debugMessage("frame handling error: %s", frameErr) - } - } -} - -func (s *Connection) 
getStreamPriority(streamId spdy.StreamId) uint8 { - stream, streamOk := s.getStream(streamId) - if !streamOk { - return 7 - } - return stream.priority -} - -func (s *Connection) addStreamFrame(frame *spdy.SynStreamFrame) { - var parent *Stream - if frame.AssociatedToStreamId != spdy.StreamId(0) { - parent, _ = s.getStream(frame.AssociatedToStreamId) - } - - stream := &Stream{ - streamId: frame.StreamId, - parent: parent, - conn: s, - startChan: make(chan error), - headers: frame.Headers, - finished: (frame.CFHeader.Flags & spdy.ControlFlagUnidirectional) != 0x00, - replyCond: sync.NewCond(new(sync.Mutex)), - dataChan: make(chan []byte), - headerChan: make(chan http.Header), - closeChan: make(chan bool), - priority: frame.Priority, - } - if frame.CFHeader.Flags&spdy.ControlFlagFin != 0x00 { - stream.closeRemoteChannels() - } - - s.addStream(stream) -} - -// checkStreamFrame checks to see if a stream frame is allowed. -// If the stream is invalid, then a reset frame with protocol error -// will be returned. 
-func (s *Connection) checkStreamFrame(frame *spdy.SynStreamFrame) bool { - s.receiveIdLock.Lock() - defer s.receiveIdLock.Unlock() - if s.goneAway { - return false - } - validationErr := s.validateStreamId(frame.StreamId) - if validationErr != nil { - go func() { - resetErr := s.sendResetFrame(spdy.ProtocolError, frame.StreamId) - if resetErr != nil { - debugMessage("reset error: %s", resetErr) - } - }() - return false - } - return true -} - -func (s *Connection) handleStreamFrame(frame *spdy.SynStreamFrame, newHandler StreamHandler) error { - stream, ok := s.getStream(frame.StreamId) - if !ok { - return fmt.Errorf("Missing stream: %d", frame.StreamId) - } - - newHandler(stream) - - return nil -} - -func (s *Connection) handleReplyFrame(frame *spdy.SynReplyFrame) error { - debugMessage("(%p) Reply frame received for %d", s, frame.StreamId) - stream, streamOk := s.getStream(frame.StreamId) - if !streamOk { - debugMessage("Reply frame gone away for %d", frame.StreamId) - // Stream has already gone away - return nil - } - if stream.replied { - // Stream has already received reply - return nil - } - stream.replied = true - - // TODO Check for error - if (frame.CFHeader.Flags & spdy.ControlFlagFin) != 0x00 { - s.remoteStreamFinish(stream) - } - - close(stream.startChan) - - return nil -} - -func (s *Connection) handleResetFrame(frame *spdy.RstStreamFrame) error { - stream, streamOk := s.getStream(frame.StreamId) - if !streamOk { - // Stream has already been removed - return nil - } - s.removeStream(stream) - stream.closeRemoteChannels() - - if !stream.replied { - stream.replied = true - stream.startChan <- ErrReset - close(stream.startChan) - } - - stream.finishLock.Lock() - stream.finished = true - stream.finishLock.Unlock() - - return nil -} - -func (s *Connection) handleHeaderFrame(frame *spdy.HeadersFrame) error { - stream, streamOk := s.getStream(frame.StreamId) - if !streamOk { - // Stream has already gone away - return nil - } - if !stream.replied { - // No 
reply received...Protocol error? - return nil - } - - // TODO limit headers while not blocking (use buffered chan or goroutine?) - select { - case <-stream.closeChan: - return nil - case stream.headerChan <- frame.Headers: - } - - if (frame.CFHeader.Flags & spdy.ControlFlagFin) != 0x00 { - s.remoteStreamFinish(stream) - } - - return nil -} - -func (s *Connection) handleDataFrame(frame *spdy.DataFrame) error { - debugMessage("(%p) Data frame received for %d", s, frame.StreamId) - stream, streamOk := s.getStream(frame.StreamId) - if !streamOk { - debugMessage("(%p) Data frame gone away for %d", s, frame.StreamId) - // Stream has already gone away - return nil - } - if !stream.replied { - debugMessage("(%p) Data frame not replied %d", s, frame.StreamId) - // No reply received...Protocol error? - return nil - } - - debugMessage("(%p) (%d) Data frame handling", stream, stream.streamId) - if len(frame.Data) > 0 { - stream.dataLock.RLock() - select { - case <-stream.closeChan: - debugMessage("(%p) (%d) Data frame not sent (stream shut down)", stream, stream.streamId) - case stream.dataChan <- frame.Data: - debugMessage("(%p) (%d) Data frame sent", stream, stream.streamId) - } - stream.dataLock.RUnlock() - } - if (frame.Flags & spdy.DataFlagFin) != 0x00 { - s.remoteStreamFinish(stream) - } - return nil -} - -func (s *Connection) handlePingFrame(frame *spdy.PingFrame) error { - if s.pingId&0x01 != frame.Id&0x01 { - return s.framer.WriteFrame(frame) - } - pingChan, pingOk := s.pingChans[frame.Id] - if pingOk { - close(pingChan) - } - return nil -} - -func (s *Connection) handleGoAwayFrame(frame *spdy.GoAwayFrame) error { - debugMessage("(%p) Go away received", s) - s.receiveIdLock.Lock() - if s.goneAway { - s.receiveIdLock.Unlock() - return nil - } - s.goneAway = true - s.receiveIdLock.Unlock() - - if s.lastStreamChan != nil { - stream, _ := s.getStream(frame.LastGoodStreamId) - go func() { - s.lastStreamChan <- stream - }() - } - - // Do not block frame handler waiting for 
closure - go s.shutdown(s.goAwayTimeout) - - return nil -} - -func (s *Connection) remoteStreamFinish(stream *Stream) { - stream.closeRemoteChannels() - - stream.finishLock.Lock() - if stream.finished { - // Stream is fully closed, cleanup - s.removeStream(stream) - } - stream.finishLock.Unlock() -} - -// CreateStream creates a new spdy stream using the parameters for -// creating the stream frame. The stream frame will be sent upon -// calling this function, however this function does not wait for -// the reply frame. If waiting for the reply is desired, use -// the stream Wait or WaitTimeout function on the stream returned -// by this function. -func (s *Connection) CreateStream(headers http.Header, parent *Stream, fin bool) (*Stream, error) { - // MUST synchronize stream creation (all the way to writing the frame) - // as stream IDs **MUST** increase monotonically. - s.nextIdLock.Lock() - defer s.nextIdLock.Unlock() - - streamId := s.getNextStreamId() - if streamId == 0 { - return nil, fmt.Errorf("Unable to get new stream id") - } - - stream := &Stream{ - streamId: streamId, - parent: parent, - conn: s, - startChan: make(chan error), - headers: headers, - dataChan: make(chan []byte), - headerChan: make(chan http.Header), - closeChan: make(chan bool), - } - - debugMessage("(%p) (%p) Create stream", s, stream) - - s.addStream(stream) - - return stream, s.sendStream(stream, fin) -} - -func (s *Connection) shutdown(closeTimeout time.Duration) { - // TODO Ensure this isn't called multiple times - s.shutdownLock.Lock() - if s.hasShutdown { - s.shutdownLock.Unlock() - return - } - s.hasShutdown = true - s.shutdownLock.Unlock() - - var timeout <-chan time.Time - if closeTimeout > time.Duration(0) { - timeout = time.After(closeTimeout) - } - streamsClosed := make(chan bool) - - go func() { - s.streamCond.L.Lock() - for len(s.streams) > 0 { - debugMessage("Streams opened: %d, %#v", len(s.streams), s.streams) - s.streamCond.Wait() - } - s.streamCond.L.Unlock() - 
close(streamsClosed) - }() - - var err error - select { - case <-streamsClosed: - // No active streams, close should be safe - err = s.conn.Close() - case <-timeout: - // Force ungraceful close - err = s.conn.Close() - // Wait for cleanup to clear active streams - <-streamsClosed - } - - if err != nil { - duration := 10 * time.Minute - time.AfterFunc(duration, func() { - select { - case err, ok := <-s.shutdownChan: - if ok { - debugMessage("Unhandled close error after %s: %s", duration, err) - } - default: - } - }) - s.shutdownChan <- err - } - close(s.shutdownChan) -} - -// Closes spdy connection by sending GoAway frame and initiating shutdown -func (s *Connection) Close() error { - s.receiveIdLock.Lock() - if s.goneAway { - s.receiveIdLock.Unlock() - return nil - } - s.goneAway = true - s.receiveIdLock.Unlock() - - var lastStreamId spdy.StreamId - if s.receivedStreamId > 2 { - lastStreamId = s.receivedStreamId - 2 - } - - goAwayFrame := &spdy.GoAwayFrame{ - LastGoodStreamId: lastStreamId, - Status: spdy.GoAwayOK, - } - - err := s.framer.WriteFrame(goAwayFrame) - go s.shutdown(s.closeTimeout) - if err != nil { - return err - } - - return nil -} - -// CloseWait closes the connection and waits for shutdown -// to finish. Note the underlying network Connection -// is not closed until the end of shutdown. -func (s *Connection) CloseWait() error { - closeErr := s.Close() - if closeErr != nil { - return closeErr - } - shutdownErr, ok := <-s.shutdownChan - if ok { - return shutdownErr - } - return nil -} - -// Wait waits for the connection to finish shutdown or for -// the wait timeout duration to expire. This needs to be -// called either after Close has been called or the GOAWAYFRAME -// has been received. If the wait timeout is 0, this function -// will block until shutdown finishes. If wait is never called -// and a shutdown error occurs, that error will be logged as an -// unhandled error. 
-func (s *Connection) Wait(waitTimeout time.Duration) error { - var timeout <-chan time.Time - if waitTimeout > time.Duration(0) { - timeout = time.After(waitTimeout) - } - - select { - case err, ok := <-s.shutdownChan: - if ok { - return err - } - case <-timeout: - return ErrTimeout - } - return nil -} - -// NotifyClose registers a channel to be called when the remote -// peer inidicates connection closure. The last stream to be -// received by the remote will be sent on the channel. The notify -// timeout will determine the duration between go away received -// and the connection being closed. -func (s *Connection) NotifyClose(c chan<- *Stream, timeout time.Duration) { - s.goAwayTimeout = timeout - s.lastStreamChan = c -} - -// SetCloseTimeout sets the amount of time close will wait for -// streams to finish before terminating the underlying network -// connection. Setting the timeout to 0 will cause close to -// wait forever, which is the default. -func (s *Connection) SetCloseTimeout(timeout time.Duration) { - s.closeTimeout = timeout -} - -// SetIdleTimeout sets the amount of time the connection may sit idle before -// it is forcefully terminated. 
-func (s *Connection) SetIdleTimeout(timeout time.Duration) { - s.framer.setIdleTimeout(timeout) -} - -func (s *Connection) sendHeaders(headers http.Header, stream *Stream, fin bool) error { - var flags spdy.ControlFlags - if fin { - flags = spdy.ControlFlagFin - } - - headerFrame := &spdy.HeadersFrame{ - StreamId: stream.streamId, - Headers: headers, - CFHeader: spdy.ControlFrameHeader{Flags: flags}, - } - - return s.framer.WriteFrame(headerFrame) -} - -func (s *Connection) sendReply(headers http.Header, stream *Stream, fin bool) error { - var flags spdy.ControlFlags - if fin { - flags = spdy.ControlFlagFin - } - - replyFrame := &spdy.SynReplyFrame{ - StreamId: stream.streamId, - Headers: headers, - CFHeader: spdy.ControlFrameHeader{Flags: flags}, - } - - return s.framer.WriteFrame(replyFrame) -} - -func (s *Connection) sendResetFrame(status spdy.RstStreamStatus, streamId spdy.StreamId) error { - resetFrame := &spdy.RstStreamFrame{ - StreamId: streamId, - Status: status, - } - - return s.framer.WriteFrame(resetFrame) -} - -func (s *Connection) sendReset(status spdy.RstStreamStatus, stream *Stream) error { - return s.sendResetFrame(status, stream.streamId) -} - -func (s *Connection) sendStream(stream *Stream, fin bool) error { - var flags spdy.ControlFlags - if fin { - flags = spdy.ControlFlagFin - stream.finished = true - } - - var parentId spdy.StreamId - if stream.parent != nil { - parentId = stream.parent.streamId - } - - streamFrame := &spdy.SynStreamFrame{ - StreamId: spdy.StreamId(stream.streamId), - AssociatedToStreamId: spdy.StreamId(parentId), - Headers: stream.headers, - CFHeader: spdy.ControlFrameHeader{Flags: flags}, - } - - return s.framer.WriteFrame(streamFrame) -} - -// getNextStreamId returns the next sequential id -// every call should produce a unique value or an error -func (s *Connection) getNextStreamId() spdy.StreamId { - sid := s.nextStreamId - if sid > 0x7fffffff { - return 0 - } - s.nextStreamId = s.nextStreamId + 2 - return sid -} - -// 
PeekNextStreamId returns the next sequential id and keeps the next id untouched -func (s *Connection) PeekNextStreamId() spdy.StreamId { - sid := s.nextStreamId - return sid -} - -func (s *Connection) validateStreamId(rid spdy.StreamId) error { - if rid > 0x7fffffff || rid < s.receivedStreamId { - return ErrInvalidStreamId - } - s.receivedStreamId = rid + 2 - return nil -} - -func (s *Connection) addStream(stream *Stream) { - s.streamCond.L.Lock() - s.streams[stream.streamId] = stream - debugMessage("(%p) (%p) Stream added, broadcasting: %d", s, stream, stream.streamId) - s.streamCond.Broadcast() - s.streamCond.L.Unlock() -} - -func (s *Connection) removeStream(stream *Stream) { - s.streamCond.L.Lock() - delete(s.streams, stream.streamId) - debugMessage("(%p) (%p) Stream removed, broadcasting: %d", s, stream, stream.streamId) - s.streamCond.Broadcast() - s.streamCond.L.Unlock() -} - -func (s *Connection) getStream(streamId spdy.StreamId) (stream *Stream, ok bool) { - s.streamLock.RLock() - stream, ok = s.streams[streamId] - s.streamLock.RUnlock() - return -} - -// FindStream looks up the given stream id and either waits for the -// stream to be found or returns nil if the stream id is no longer -// valid. -func (s *Connection) FindStream(streamId uint32) *Stream { - var stream *Stream - var ok bool - s.streamCond.L.Lock() - stream, ok = s.streams[spdy.StreamId(streamId)] - debugMessage("(%p) Found stream %d? %t", s, spdy.StreamId(streamId), ok) - for !ok && streamId >= uint32(s.receivedStreamId) { - s.streamCond.Wait() - stream, ok = s.streams[spdy.StreamId(streamId)] - } - s.streamCond.L.Unlock() - return stream -} - -func (s *Connection) CloseChan() <-chan bool { - return s.closeChan -} diff --git a/vendor/github.com/moby/spdystream/handlers.go b/vendor/github.com/moby/spdystream/handlers.go deleted file mode 100644 index d68f61f81..000000000 --- a/vendor/github.com/moby/spdystream/handlers.go +++ /dev/null 
@@ -1,52 +0,0 @@
-/*
- Copyright 2014-2021 Docker Inc.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-*/
-
-package spdystream
-
-import (
- "io"
- "net/http"
-)
-
-// MirrorStreamHandler mirrors all streams.
-func MirrorStreamHandler(stream *Stream) {
- replyErr := stream.SendReply(http.Header{}, false)
- if replyErr != nil {
- return
- }
-
- go func() {
- io.Copy(stream, stream)
- stream.Close()
- }()
- go func() {
- for {
- header, receiveErr := stream.ReceiveHeader()
- if receiveErr != nil {
- return
- }
- sendErr := stream.SendHeader(header, false)
- if sendErr != nil {
- return
- }
- }
- }()
-}
-
-// NoopStreamHandler does nothing when stream connects.
-func NoOpStreamHandler(stream *Stream) {
- stream.SendReply(http.Header{}, false)
-}
diff --git a/vendor/github.com/moby/spdystream/priority.go b/vendor/github.com/moby/spdystream/priority.go
deleted file mode 100644
index d8eb3516c..000000000
--- a/vendor/github.com/moby/spdystream/priority.go
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- Copyright 2014-2021 Docker Inc.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-*/
-
-package spdystream
-
-import (
- "container/heap"
- "sync"
-
- "github.com/moby/spdystream/spdy"
-)
-
-type prioritizedFrame struct {
- frame spdy.Frame
- priority uint8
- insertId uint64
-}
-
-type frameQueue []*prioritizedFrame
-
-func (fq frameQueue) Len() int {
- return len(fq)
-}
-
-func (fq frameQueue) Less(i, j int) bool {
- if fq[i].priority == fq[j].priority {
- return fq[i].insertId < fq[j].insertId
- }
- return fq[i].priority < fq[j].priority
-}
-
-func (fq frameQueue) Swap(i, j int) {
- fq[i], fq[j] = fq[j], fq[i]
-}
-
-func (fq *frameQueue) Push(x interface{}) {
- *fq = append(*fq, x.(*prioritizedFrame))
-}
-
-func (fq *frameQueue) Pop() interface{} {
- old := *fq
- n := len(old)
- *fq = old[0 : n-1]
- return old[n-1]
-}
-
-type PriorityFrameQueue struct {
- queue *frameQueue
- c *sync.Cond
- size int
- nextInsertId uint64
- drain bool
-}
-
-func NewPriorityFrameQueue(size int) *PriorityFrameQueue {
- queue := make(frameQueue, 0, size)
- heap.Init(&queue)
-
- return &PriorityFrameQueue{
- queue: &queue,
- size: size,
- c: sync.NewCond(&sync.Mutex{}),
- }
-}
-
-func (q *PriorityFrameQueue) Push(frame spdy.Frame, priority uint8) {
- q.c.L.Lock()
- defer q.c.L.Unlock()
- for q.queue.Len() >= q.size {
- q.c.Wait()
- }
- pFrame := &prioritizedFrame{
- frame: frame,
- priority: priority,
- insertId: q.nextInsertId,
- }
- q.nextInsertId = q.nextInsertId + 1
- heap.Push(q.queue, pFrame)
- q.c.Signal()
-}
-
-func (q *PriorityFrameQueue) Pop() spdy.Frame {
- q.c.L.Lock()
- defer q.c.L.Unlock()
- for q.queue.Len() == 0 {
- if q.drain {
- return nil
- }
- q.c.Wait()
- }
- frame := heap.Pop(q.queue).(*prioritizedFrame).frame
- q.c.Signal()
- return frame
-}
-
-func (q *PriorityFrameQueue) Drain() {
- q.c.L.Lock()
- defer q.c.L.Unlock()
- q.drain = true
- q.c.Broadcast()
-}
diff --git a/vendor/github.com/moby/spdystream/spdy/dictionary.go b/vendor/github.com/moby/spdystream/spdy/dictionary.go
deleted file mode 100644
index 392232f17..000000000
--- a/vendor/github.com/moby/spdystream/spdy/dictionary.go
+++ /dev/null
@@ -1,203 +0,0 @@ -/* - Copyright 2014-2021 Docker Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -// Copyright 2013 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package spdy - -// headerDictionary is the dictionary sent to the zlib compressor/decompressor. -var headerDictionary = []byte{ - 0x00, 0x00, 0x00, 0x07, 0x6f, 0x70, 0x74, 0x69, - 0x6f, 0x6e, 0x73, 0x00, 0x00, 0x00, 0x04, 0x68, - 0x65, 0x61, 0x64, 0x00, 0x00, 0x00, 0x04, 0x70, - 0x6f, 0x73, 0x74, 0x00, 0x00, 0x00, 0x03, 0x70, - 0x75, 0x74, 0x00, 0x00, 0x00, 0x06, 0x64, 0x65, - 0x6c, 0x65, 0x74, 0x65, 0x00, 0x00, 0x00, 0x05, - 0x74, 0x72, 0x61, 0x63, 0x65, 0x00, 0x00, 0x00, - 0x06, 0x61, 0x63, 0x63, 0x65, 0x70, 0x74, 0x00, - 0x00, 0x00, 0x0e, 0x61, 0x63, 0x63, 0x65, 0x70, - 0x74, 0x2d, 0x63, 0x68, 0x61, 0x72, 0x73, 0x65, - 0x74, 0x00, 0x00, 0x00, 0x0f, 0x61, 0x63, 0x63, - 0x65, 0x70, 0x74, 0x2d, 0x65, 0x6e, 0x63, 0x6f, - 0x64, 0x69, 0x6e, 0x67, 0x00, 0x00, 0x00, 0x0f, - 0x61, 0x63, 0x63, 0x65, 0x70, 0x74, 0x2d, 0x6c, - 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x00, - 0x00, 0x00, 0x0d, 0x61, 0x63, 0x63, 0x65, 0x70, - 0x74, 0x2d, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x73, - 0x00, 0x00, 0x00, 0x03, 0x61, 0x67, 0x65, 0x00, - 0x00, 0x00, 0x05, 0x61, 0x6c, 0x6c, 0x6f, 0x77, - 0x00, 0x00, 0x00, 0x0d, 0x61, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x00, 0x00, 0x00, 0x0d, 0x63, 0x61, 0x63, - 
0x68, 0x65, 0x2d, 0x63, 0x6f, 0x6e, 0x74, 0x72, - 0x6f, 0x6c, 0x00, 0x00, 0x00, 0x0a, 0x63, 0x6f, - 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, - 0x00, 0x00, 0x00, 0x0c, 0x63, 0x6f, 0x6e, 0x74, - 0x65, 0x6e, 0x74, 0x2d, 0x62, 0x61, 0x73, 0x65, - 0x00, 0x00, 0x00, 0x10, 0x63, 0x6f, 0x6e, 0x74, - 0x65, 0x6e, 0x74, 0x2d, 0x65, 0x6e, 0x63, 0x6f, - 0x64, 0x69, 0x6e, 0x67, 0x00, 0x00, 0x00, 0x10, - 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, - 0x6c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, - 0x00, 0x00, 0x00, 0x0e, 0x63, 0x6f, 0x6e, 0x74, - 0x65, 0x6e, 0x74, 0x2d, 0x6c, 0x65, 0x6e, 0x67, - 0x74, 0x68, 0x00, 0x00, 0x00, 0x10, 0x63, 0x6f, - 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x6c, 0x6f, - 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x00, 0x00, - 0x00, 0x0b, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, - 0x74, 0x2d, 0x6d, 0x64, 0x35, 0x00, 0x00, 0x00, - 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, - 0x2d, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x00, 0x00, - 0x00, 0x0c, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, - 0x74, 0x2d, 0x74, 0x79, 0x70, 0x65, 0x00, 0x00, - 0x00, 0x04, 0x64, 0x61, 0x74, 0x65, 0x00, 0x00, - 0x00, 0x04, 0x65, 0x74, 0x61, 0x67, 0x00, 0x00, - 0x00, 0x06, 0x65, 0x78, 0x70, 0x65, 0x63, 0x74, - 0x00, 0x00, 0x00, 0x07, 0x65, 0x78, 0x70, 0x69, - 0x72, 0x65, 0x73, 0x00, 0x00, 0x00, 0x04, 0x66, - 0x72, 0x6f, 0x6d, 0x00, 0x00, 0x00, 0x04, 0x68, - 0x6f, 0x73, 0x74, 0x00, 0x00, 0x00, 0x08, 0x69, - 0x66, 0x2d, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x00, - 0x00, 0x00, 0x11, 0x69, 0x66, 0x2d, 0x6d, 0x6f, - 0x64, 0x69, 0x66, 0x69, 0x65, 0x64, 0x2d, 0x73, - 0x69, 0x6e, 0x63, 0x65, 0x00, 0x00, 0x00, 0x0d, - 0x69, 0x66, 0x2d, 0x6e, 0x6f, 0x6e, 0x65, 0x2d, - 0x6d, 0x61, 0x74, 0x63, 0x68, 0x00, 0x00, 0x00, - 0x08, 0x69, 0x66, 0x2d, 0x72, 0x61, 0x6e, 0x67, - 0x65, 0x00, 0x00, 0x00, 0x13, 0x69, 0x66, 0x2d, - 0x75, 0x6e, 0x6d, 0x6f, 0x64, 0x69, 0x66, 0x69, - 0x65, 0x64, 0x2d, 0x73, 0x69, 0x6e, 0x63, 0x65, - 0x00, 0x00, 0x00, 0x0d, 0x6c, 0x61, 0x73, 0x74, - 0x2d, 0x6d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, - 
0x64, 0x00, 0x00, 0x00, 0x08, 0x6c, 0x6f, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x00, 0x00, 0x00, - 0x0c, 0x6d, 0x61, 0x78, 0x2d, 0x66, 0x6f, 0x72, - 0x77, 0x61, 0x72, 0x64, 0x73, 0x00, 0x00, 0x00, - 0x06, 0x70, 0x72, 0x61, 0x67, 0x6d, 0x61, 0x00, - 0x00, 0x00, 0x12, 0x70, 0x72, 0x6f, 0x78, 0x79, - 0x2d, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, - 0x69, 0x63, 0x61, 0x74, 0x65, 0x00, 0x00, 0x00, - 0x13, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2d, 0x61, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x00, 0x00, 0x00, 0x05, - 0x72, 0x61, 0x6e, 0x67, 0x65, 0x00, 0x00, 0x00, - 0x07, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x72, - 0x00, 0x00, 0x00, 0x0b, 0x72, 0x65, 0x74, 0x72, - 0x79, 0x2d, 0x61, 0x66, 0x74, 0x65, 0x72, 0x00, - 0x00, 0x00, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x00, 0x00, 0x00, 0x02, 0x74, 0x65, 0x00, - 0x00, 0x00, 0x07, 0x74, 0x72, 0x61, 0x69, 0x6c, - 0x65, 0x72, 0x00, 0x00, 0x00, 0x11, 0x74, 0x72, - 0x61, 0x6e, 0x73, 0x66, 0x65, 0x72, 0x2d, 0x65, - 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x00, - 0x00, 0x00, 0x07, 0x75, 0x70, 0x67, 0x72, 0x61, - 0x64, 0x65, 0x00, 0x00, 0x00, 0x0a, 0x75, 0x73, - 0x65, 0x72, 0x2d, 0x61, 0x67, 0x65, 0x6e, 0x74, - 0x00, 0x00, 0x00, 0x04, 0x76, 0x61, 0x72, 0x79, - 0x00, 0x00, 0x00, 0x03, 0x76, 0x69, 0x61, 0x00, - 0x00, 0x00, 0x07, 0x77, 0x61, 0x72, 0x6e, 0x69, - 0x6e, 0x67, 0x00, 0x00, 0x00, 0x10, 0x77, 0x77, - 0x77, 0x2d, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, - 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x00, 0x00, - 0x00, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, - 0x00, 0x00, 0x00, 0x03, 0x67, 0x65, 0x74, 0x00, - 0x00, 0x00, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, - 0x73, 0x00, 0x00, 0x00, 0x06, 0x32, 0x30, 0x30, - 0x20, 0x4f, 0x4b, 0x00, 0x00, 0x00, 0x07, 0x76, - 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x00, 0x00, - 0x00, 0x08, 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, - 0x2e, 0x31, 0x00, 0x00, 0x00, 0x03, 0x75, 0x72, - 0x6c, 0x00, 0x00, 0x00, 0x06, 0x70, 0x75, 0x62, - 0x6c, 0x69, 0x63, 0x00, 0x00, 0x00, 0x0a, 0x73, - 
0x65, 0x74, 0x2d, 0x63, 0x6f, 0x6f, 0x6b, 0x69, - 0x65, 0x00, 0x00, 0x00, 0x0a, 0x6b, 0x65, 0x65, - 0x70, 0x2d, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x00, - 0x00, 0x00, 0x06, 0x6f, 0x72, 0x69, 0x67, 0x69, - 0x6e, 0x31, 0x30, 0x30, 0x31, 0x30, 0x31, 0x32, - 0x30, 0x31, 0x32, 0x30, 0x32, 0x32, 0x30, 0x35, - 0x32, 0x30, 0x36, 0x33, 0x30, 0x30, 0x33, 0x30, - 0x32, 0x33, 0x30, 0x33, 0x33, 0x30, 0x34, 0x33, - 0x30, 0x35, 0x33, 0x30, 0x36, 0x33, 0x30, 0x37, - 0x34, 0x30, 0x32, 0x34, 0x30, 0x35, 0x34, 0x30, - 0x36, 0x34, 0x30, 0x37, 0x34, 0x30, 0x38, 0x34, - 0x30, 0x39, 0x34, 0x31, 0x30, 0x34, 0x31, 0x31, - 0x34, 0x31, 0x32, 0x34, 0x31, 0x33, 0x34, 0x31, - 0x34, 0x34, 0x31, 0x35, 0x34, 0x31, 0x36, 0x34, - 0x31, 0x37, 0x35, 0x30, 0x32, 0x35, 0x30, 0x34, - 0x35, 0x30, 0x35, 0x32, 0x30, 0x33, 0x20, 0x4e, - 0x6f, 0x6e, 0x2d, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x61, 0x74, 0x69, 0x76, 0x65, - 0x20, 0x49, 0x6e, 0x66, 0x6f, 0x72, 0x6d, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x32, 0x30, 0x34, 0x20, - 0x4e, 0x6f, 0x20, 0x43, 0x6f, 0x6e, 0x74, 0x65, - 0x6e, 0x74, 0x33, 0x30, 0x31, 0x20, 0x4d, 0x6f, - 0x76, 0x65, 0x64, 0x20, 0x50, 0x65, 0x72, 0x6d, - 0x61, 0x6e, 0x65, 0x6e, 0x74, 0x6c, 0x79, 0x34, - 0x30, 0x30, 0x20, 0x42, 0x61, 0x64, 0x20, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x34, 0x30, - 0x31, 0x20, 0x55, 0x6e, 0x61, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x34, 0x30, - 0x33, 0x20, 0x46, 0x6f, 0x72, 0x62, 0x69, 0x64, - 0x64, 0x65, 0x6e, 0x34, 0x30, 0x34, 0x20, 0x4e, - 0x6f, 0x74, 0x20, 0x46, 0x6f, 0x75, 0x6e, 0x64, - 0x35, 0x30, 0x30, 0x20, 0x49, 0x6e, 0x74, 0x65, - 0x72, 0x6e, 0x61, 0x6c, 0x20, 0x53, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x20, 0x45, 0x72, 0x72, 0x6f, - 0x72, 0x35, 0x30, 0x31, 0x20, 0x4e, 0x6f, 0x74, - 0x20, 0x49, 0x6d, 0x70, 0x6c, 0x65, 0x6d, 0x65, - 0x6e, 0x74, 0x65, 0x64, 0x35, 0x30, 0x33, 0x20, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x20, - 0x55, 0x6e, 0x61, 0x76, 0x61, 0x69, 0x6c, 0x61, - 0x62, 0x6c, 0x65, 0x4a, 0x61, 0x6e, 0x20, 0x46, - 
0x65, 0x62, 0x20, 0x4d, 0x61, 0x72, 0x20, 0x41, - 0x70, 0x72, 0x20, 0x4d, 0x61, 0x79, 0x20, 0x4a, - 0x75, 0x6e, 0x20, 0x4a, 0x75, 0x6c, 0x20, 0x41, - 0x75, 0x67, 0x20, 0x53, 0x65, 0x70, 0x74, 0x20, - 0x4f, 0x63, 0x74, 0x20, 0x4e, 0x6f, 0x76, 0x20, - 0x44, 0x65, 0x63, 0x20, 0x30, 0x30, 0x3a, 0x30, - 0x30, 0x3a, 0x30, 0x30, 0x20, 0x4d, 0x6f, 0x6e, - 0x2c, 0x20, 0x54, 0x75, 0x65, 0x2c, 0x20, 0x57, - 0x65, 0x64, 0x2c, 0x20, 0x54, 0x68, 0x75, 0x2c, - 0x20, 0x46, 0x72, 0x69, 0x2c, 0x20, 0x53, 0x61, - 0x74, 0x2c, 0x20, 0x53, 0x75, 0x6e, 0x2c, 0x20, - 0x47, 0x4d, 0x54, 0x63, 0x68, 0x75, 0x6e, 0x6b, - 0x65, 0x64, 0x2c, 0x74, 0x65, 0x78, 0x74, 0x2f, - 0x68, 0x74, 0x6d, 0x6c, 0x2c, 0x69, 0x6d, 0x61, - 0x67, 0x65, 0x2f, 0x70, 0x6e, 0x67, 0x2c, 0x69, - 0x6d, 0x61, 0x67, 0x65, 0x2f, 0x6a, 0x70, 0x67, - 0x2c, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x2f, 0x67, - 0x69, 0x66, 0x2c, 0x61, 0x70, 0x70, 0x6c, 0x69, - 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f, 0x78, - 0x6d, 0x6c, 0x2c, 0x61, 0x70, 0x70, 0x6c, 0x69, - 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f, 0x78, - 0x68, 0x74, 0x6d, 0x6c, 0x2b, 0x78, 0x6d, 0x6c, - 0x2c, 0x74, 0x65, 0x78, 0x74, 0x2f, 0x70, 0x6c, - 0x61, 0x69, 0x6e, 0x2c, 0x74, 0x65, 0x78, 0x74, - 0x2f, 0x6a, 0x61, 0x76, 0x61, 0x73, 0x63, 0x72, - 0x69, 0x70, 0x74, 0x2c, 0x70, 0x75, 0x62, 0x6c, - 0x69, 0x63, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, - 0x65, 0x6d, 0x61, 0x78, 0x2d, 0x61, 0x67, 0x65, - 0x3d, 0x67, 0x7a, 0x69, 0x70, 0x2c, 0x64, 0x65, - 0x66, 0x6c, 0x61, 0x74, 0x65, 0x2c, 0x73, 0x64, - 0x63, 0x68, 0x63, 0x68, 0x61, 0x72, 0x73, 0x65, - 0x74, 0x3d, 0x75, 0x74, 0x66, 0x2d, 0x38, 0x63, - 0x68, 0x61, 0x72, 0x73, 0x65, 0x74, 0x3d, 0x69, - 0x73, 0x6f, 0x2d, 0x38, 0x38, 0x35, 0x39, 0x2d, - 0x31, 0x2c, 0x75, 0x74, 0x66, 0x2d, 0x2c, 0x2a, - 0x2c, 0x65, 0x6e, 0x71, 0x3d, 0x30, 0x2e, -} diff --git a/vendor/github.com/moby/spdystream/spdy/read.go b/vendor/github.com/moby/spdystream/spdy/read.go deleted file mode 100644 index 75ea045b8..000000000 
--- a/vendor/github.com/moby/spdystream/spdy/read.go
+++ /dev/null
@@ -1,364 +0,0 @@ -/* - Copyright 2014-2021 Docker Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package spdy - -import ( - "compress/zlib" - "encoding/binary" - "io" - "net/http" - "strings" -) - -func (frame *SynStreamFrame) read(h ControlFrameHeader, f *Framer) error { - return f.readSynStreamFrame(h, frame) -} - -func (frame *SynReplyFrame) read(h ControlFrameHeader, f *Framer) error { - return f.readSynReplyFrame(h, frame) -} - -func (frame *RstStreamFrame) read(h ControlFrameHeader, f *Framer) error { - frame.CFHeader = h - if err := binary.Read(f.r, binary.BigEndian, &frame.StreamId); err != nil { - return err - } - if err := binary.Read(f.r, binary.BigEndian, &frame.Status); err != nil { - return err - } - if frame.Status == 0 { - return &Error{InvalidControlFrame, frame.StreamId} - } - if frame.StreamId == 0 { - return &Error{ZeroStreamId, 0} - } - return nil -} - -func (frame *SettingsFrame) read(h ControlFrameHeader, f *Framer) error { - frame.CFHeader = h - var numSettings uint32 - if err := binary.Read(f.r, binary.BigEndian, &numSettings); err != nil { - return err - } - frame.FlagIdValues = make([]SettingsFlagIdValue, numSettings) - for i := uint32(0); i < numSettings; i++ { - if err := binary.Read(f.r, binary.BigEndian, &frame.FlagIdValues[i].Id); err != nil { - return err - } - 
frame.FlagIdValues[i].Flag = SettingsFlag((frame.FlagIdValues[i].Id & 0xff000000) >> 24) - frame.FlagIdValues[i].Id &= 0xffffff - if err := binary.Read(f.r, binary.BigEndian, &frame.FlagIdValues[i].Value); err != nil { - return err - } - } - return nil -} - -func (frame *PingFrame) read(h ControlFrameHeader, f *Framer) error { - frame.CFHeader = h - if err := binary.Read(f.r, binary.BigEndian, &frame.Id); err != nil { - return err - } - if frame.Id == 0 { - return &Error{ZeroStreamId, 0} - } - if frame.CFHeader.Flags != 0 { - return &Error{InvalidControlFrame, StreamId(frame.Id)} - } - return nil -} - -func (frame *GoAwayFrame) read(h ControlFrameHeader, f *Framer) error { - frame.CFHeader = h - if err := binary.Read(f.r, binary.BigEndian, &frame.LastGoodStreamId); err != nil { - return err - } - if frame.CFHeader.Flags != 0 { - return &Error{InvalidControlFrame, frame.LastGoodStreamId} - } - if frame.CFHeader.length != 8 { - return &Error{InvalidControlFrame, frame.LastGoodStreamId} - } - if err := binary.Read(f.r, binary.BigEndian, &frame.Status); err != nil { - return err - } - return nil -} - -func (frame *HeadersFrame) read(h ControlFrameHeader, f *Framer) error { - return f.readHeadersFrame(h, frame) -} - -func (frame *WindowUpdateFrame) read(h ControlFrameHeader, f *Framer) error { - frame.CFHeader = h - if err := binary.Read(f.r, binary.BigEndian, &frame.StreamId); err != nil { - return err - } - if frame.CFHeader.Flags != 0 { - return &Error{InvalidControlFrame, frame.StreamId} - } - if frame.CFHeader.length != 8 { - return &Error{InvalidControlFrame, frame.StreamId} - } - if err := binary.Read(f.r, binary.BigEndian, &frame.DeltaWindowSize); err != nil { - return err - } - return nil -} - -func newControlFrame(frameType ControlFrameType) (controlFrame, error) { - ctor, ok := cframeCtor[frameType] - if !ok { - return nil, &Error{Err: InvalidControlFrame} - } - return ctor(), nil -} - -var cframeCtor = map[ControlFrameType]func() controlFrame{ - 
TypeSynStream: func() controlFrame { return new(SynStreamFrame) }, - TypeSynReply: func() controlFrame { return new(SynReplyFrame) }, - TypeRstStream: func() controlFrame { return new(RstStreamFrame) }, - TypeSettings: func() controlFrame { return new(SettingsFrame) }, - TypePing: func() controlFrame { return new(PingFrame) }, - TypeGoAway: func() controlFrame { return new(GoAwayFrame) }, - TypeHeaders: func() controlFrame { return new(HeadersFrame) }, - TypeWindowUpdate: func() controlFrame { return new(WindowUpdateFrame) }, -} - -func (f *Framer) uncorkHeaderDecompressor(payloadSize int64) error { - if f.headerDecompressor != nil { - f.headerReader.N = payloadSize - return nil - } - f.headerReader = io.LimitedReader{R: f.r, N: payloadSize} - decompressor, err := zlib.NewReaderDict(&f.headerReader, []byte(headerDictionary)) - if err != nil { - return err - } - f.headerDecompressor = decompressor - return nil -} - -// ReadFrame reads SPDY encoded data and returns a decompressed Frame. -func (f *Framer) ReadFrame() (Frame, error) { - var firstWord uint32 - if err := binary.Read(f.r, binary.BigEndian, &firstWord); err != nil { - return nil, err - } - if firstWord&0x80000000 != 0 { - frameType := ControlFrameType(firstWord & 0xffff) - version := uint16(firstWord >> 16 & 0x7fff) - return f.parseControlFrame(version, frameType) - } - return f.parseDataFrame(StreamId(firstWord & 0x7fffffff)) -} - -func (f *Framer) parseControlFrame(version uint16, frameType ControlFrameType) (Frame, error) { - var length uint32 - if err := binary.Read(f.r, binary.BigEndian, &length); err != nil { - return nil, err - } - flags := ControlFlags((length & 0xff000000) >> 24) - length &= 0xffffff - header := ControlFrameHeader{version, frameType, flags, length} - cframe, err := newControlFrame(frameType) - if err != nil { - return nil, err - } - if err = cframe.read(header, f); err != nil { - return nil, err - } - return cframe, nil -} - -func parseHeaderValueBlock(r io.Reader, streamId 
StreamId) (http.Header, error) { - var numHeaders uint32 - if err := binary.Read(r, binary.BigEndian, &numHeaders); err != nil { - return nil, err - } - var e error - h := make(http.Header, int(numHeaders)) - for i := 0; i < int(numHeaders); i++ { - var length uint32 - if err := binary.Read(r, binary.BigEndian, &length); err != nil { - return nil, err - } - nameBytes := make([]byte, length) - if _, err := io.ReadFull(r, nameBytes); err != nil { - return nil, err - } - name := string(nameBytes) - if name != strings.ToLower(name) { - e = &Error{UnlowercasedHeaderName, streamId} - name = strings.ToLower(name) - } - if h[name] != nil { - e = &Error{DuplicateHeaders, streamId} - } - if err := binary.Read(r, binary.BigEndian, &length); err != nil { - return nil, err - } - value := make([]byte, length) - if _, err := io.ReadFull(r, value); err != nil { - return nil, err - } - valueList := strings.Split(string(value), headerValueSeparator) - for _, v := range valueList { - h.Add(name, v) - } - } - if e != nil { - return h, e - } - return h, nil -} - -func (f *Framer) readSynStreamFrame(h ControlFrameHeader, frame *SynStreamFrame) error { - frame.CFHeader = h - var err error - if err = binary.Read(f.r, binary.BigEndian, &frame.StreamId); err != nil { - return err - } - if err = binary.Read(f.r, binary.BigEndian, &frame.AssociatedToStreamId); err != nil { - return err - } - if err = binary.Read(f.r, binary.BigEndian, &frame.Priority); err != nil { - return err - } - frame.Priority >>= 5 - if err = binary.Read(f.r, binary.BigEndian, &frame.Slot); err != nil { - return err - } - reader := f.r - if !f.headerCompressionDisabled { - err := f.uncorkHeaderDecompressor(int64(h.length - 10)) - if err != nil { - return err - } - reader = f.headerDecompressor - } - frame.Headers, err = parseHeaderValueBlock(reader, frame.StreamId) - if !f.headerCompressionDisabled && (err == io.EOF && f.headerReader.N == 0 || f.headerReader.N != 0) { - err = &Error{WrongCompressedPayloadSize, 0} - } - 
if err != nil { - return err - } - for h := range frame.Headers { - if invalidReqHeaders[h] { - return &Error{InvalidHeaderPresent, frame.StreamId} - } - } - if frame.StreamId == 0 { - return &Error{ZeroStreamId, 0} - } - return nil -} - -func (f *Framer) readSynReplyFrame(h ControlFrameHeader, frame *SynReplyFrame) error { - frame.CFHeader = h - var err error - if err = binary.Read(f.r, binary.BigEndian, &frame.StreamId); err != nil { - return err - } - reader := f.r - if !f.headerCompressionDisabled { - err := f.uncorkHeaderDecompressor(int64(h.length - 4)) - if err != nil { - return err - } - reader = f.headerDecompressor - } - frame.Headers, err = parseHeaderValueBlock(reader, frame.StreamId) - if !f.headerCompressionDisabled && (err == io.EOF && f.headerReader.N == 0 || f.headerReader.N != 0) { - err = &Error{WrongCompressedPayloadSize, 0} - } - if err != nil { - return err - } - for h := range frame.Headers { - if invalidRespHeaders[h] { - return &Error{InvalidHeaderPresent, frame.StreamId} - } - } - if frame.StreamId == 0 { - return &Error{ZeroStreamId, 0} - } - return nil -} - -func (f *Framer) readHeadersFrame(h ControlFrameHeader, frame *HeadersFrame) error { - frame.CFHeader = h - var err error - if err = binary.Read(f.r, binary.BigEndian, &frame.StreamId); err != nil { - return err - } - reader := f.r - if !f.headerCompressionDisabled { - err := f.uncorkHeaderDecompressor(int64(h.length - 4)) - if err != nil { - return err - } - reader = f.headerDecompressor - } - frame.Headers, err = parseHeaderValueBlock(reader, frame.StreamId) - if !f.headerCompressionDisabled && (err == io.EOF && f.headerReader.N == 0 || f.headerReader.N != 0) { - err = &Error{WrongCompressedPayloadSize, 0} - } - if err != nil { - return err - } - var invalidHeaders map[string]bool - if frame.StreamId%2 == 0 { - invalidHeaders = invalidReqHeaders - } else { - invalidHeaders = invalidRespHeaders - } - for h := range frame.Headers { - if invalidHeaders[h] { - return 
&Error{InvalidHeaderPresent, frame.StreamId} - } - } - if frame.StreamId == 0 { - return &Error{ZeroStreamId, 0} - } - return nil -} - -func (f *Framer) parseDataFrame(streamId StreamId) (*DataFrame, error) { - var length uint32 - if err := binary.Read(f.r, binary.BigEndian, &length); err != nil { - return nil, err - } - var frame DataFrame - frame.StreamId = streamId - frame.Flags = DataFlags(length >> 24) - length &= 0xffffff - frame.Data = make([]byte, length) - if _, err := io.ReadFull(f.r, frame.Data); err != nil { - return nil, err - } - if frame.StreamId == 0 { - return nil, &Error{ZeroStreamId, 0} - } - return &frame, nil -} diff --git a/vendor/github.com/moby/spdystream/spdy/types.go b/vendor/github.com/moby/spdystream/spdy/types.go deleted file mode 100644 index a254a43ab..000000000 --- a/vendor/github.com/moby/spdystream/spdy/types.go +++ /dev/null 
@@ -1,291 +0,0 @@ -/* - Copyright 2014-2021 Docker Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package spdy implements the SPDY protocol (currently SPDY/3), described in -// http://www.chromium.org/spdy/spdy-protocol/spdy-protocol-draft3. -package spdy - -import ( - "bytes" - "compress/zlib" - "io" - "net/http" -) - -// Version is the protocol version number that this package implements. -const Version = 3 - -// ControlFrameType stores the type field in a control frame header. -type ControlFrameType uint16 - -const ( - TypeSynStream ControlFrameType = 0x0001 - TypeSynReply ControlFrameType = 0x0002 - TypeRstStream ControlFrameType = 0x0003 - TypeSettings ControlFrameType = 0x0004 - TypePing ControlFrameType = 0x0006 - TypeGoAway ControlFrameType = 0x0007 - TypeHeaders ControlFrameType = 0x0008 - TypeWindowUpdate ControlFrameType = 0x0009 -) - -// ControlFlags are the flags that can be set on a control frame. -type ControlFlags uint8 - -const ( - ControlFlagFin ControlFlags = 0x01 - ControlFlagUnidirectional ControlFlags = 0x02 - ControlFlagSettingsClearSettings ControlFlags = 0x01 -) - -// DataFlags are the flags that can be set on a data frame. -type DataFlags uint8 - -const ( - DataFlagFin DataFlags = 0x01 -) - -// MaxDataLength is the maximum number of bytes that can be stored in one frame. 
-const MaxDataLength = 1<<24 - 1 - -// headerValueSepator separates multiple header values. -const headerValueSeparator = "\x00" - -// Frame is a single SPDY frame in its unpacked in-memory representation. Use -// Framer to read and write it. -type Frame interface { - write(f *Framer) error -} - -// ControlFrameHeader contains all the fields in a control frame header, -// in its unpacked in-memory representation. -type ControlFrameHeader struct { - // Note, high bit is the "Control" bit. - version uint16 // spdy version number - frameType ControlFrameType - Flags ControlFlags - length uint32 // length of data field -} - -type controlFrame interface { - Frame - read(h ControlFrameHeader, f *Framer) error -} - -// StreamId represents a 31-bit value identifying the stream. -type StreamId uint32 - -// SynStreamFrame is the unpacked, in-memory representation of a SYN_STREAM -// frame. -type SynStreamFrame struct { - CFHeader ControlFrameHeader - StreamId StreamId - AssociatedToStreamId StreamId // stream id for a stream which this stream is associated to - Priority uint8 // priority of this frame (3-bit) - Slot uint8 // index in the server's credential vector of the client certificate - Headers http.Header -} - -// SynReplyFrame is the unpacked, in-memory representation of a SYN_REPLY frame. -type SynReplyFrame struct { - CFHeader ControlFrameHeader - StreamId StreamId - Headers http.Header -} - -// RstStreamStatus represents the status that led to a RST_STREAM. -type RstStreamStatus uint32 - -const ( - ProtocolError RstStreamStatus = iota + 1 - InvalidStream - RefusedStream - UnsupportedVersion - Cancel - InternalError - FlowControlError - StreamInUse - StreamAlreadyClosed - InvalidCredentials - FrameTooLarge -) - -// RstStreamFrame is the unpacked, in-memory representation of a RST_STREAM -// frame. -type RstStreamFrame struct { - CFHeader ControlFrameHeader - StreamId StreamId - Status RstStreamStatus -} - -// SettingsFlag represents a flag in a SETTINGS frame. 
-type SettingsFlag uint8 - -const ( - FlagSettingsPersistValue SettingsFlag = 0x1 - FlagSettingsPersisted SettingsFlag = 0x2 -) - -// SettingsFlag represents the id of an id/value pair in a SETTINGS frame. -type SettingsId uint32 - -const ( - SettingsUploadBandwidth SettingsId = iota + 1 - SettingsDownloadBandwidth - SettingsRoundTripTime - SettingsMaxConcurrentStreams - SettingsCurrentCwnd - SettingsDownloadRetransRate - SettingsInitialWindowSize - SettingsClientCretificateVectorSize -) - -// SettingsFlagIdValue is the unpacked, in-memory representation of the -// combined flag/id/value for a setting in a SETTINGS frame. -type SettingsFlagIdValue struct { - Flag SettingsFlag - Id SettingsId - Value uint32 -} - -// SettingsFrame is the unpacked, in-memory representation of a SPDY -// SETTINGS frame. -type SettingsFrame struct { - CFHeader ControlFrameHeader - FlagIdValues []SettingsFlagIdValue -} - -// PingFrame is the unpacked, in-memory representation of a PING frame. -type PingFrame struct { - CFHeader ControlFrameHeader - Id uint32 // unique id for this ping, from server is even, from client is odd. -} - -// GoAwayStatus represents the status in a GoAwayFrame. -type GoAwayStatus uint32 - -const ( - GoAwayOK GoAwayStatus = iota - GoAwayProtocolError - GoAwayInternalError -) - -// GoAwayFrame is the unpacked, in-memory representation of a GOAWAY frame. -type GoAwayFrame struct { - CFHeader ControlFrameHeader - LastGoodStreamId StreamId // last stream id which was accepted by sender - Status GoAwayStatus -} - -// HeadersFrame is the unpacked, in-memory representation of a HEADERS frame. -type HeadersFrame struct { - CFHeader ControlFrameHeader - StreamId StreamId - Headers http.Header -} - -// WindowUpdateFrame is the unpacked, in-memory representation of a -// WINDOW_UPDATE frame. 
-type WindowUpdateFrame struct { - CFHeader ControlFrameHeader - StreamId StreamId - DeltaWindowSize uint32 // additional number of bytes to existing window size -} - -// TODO: Implement credential frame and related methods. - -// DataFrame is the unpacked, in-memory representation of a DATA frame. -type DataFrame struct { - // Note, high bit is the "Control" bit. Should be 0 for data frames. - StreamId StreamId - Flags DataFlags - Data []byte // payload data of this frame -} - -// A SPDY specific error. -type ErrorCode string - -const ( - UnlowercasedHeaderName ErrorCode = "header was not lowercased" - DuplicateHeaders ErrorCode = "multiple headers with same name" - WrongCompressedPayloadSize ErrorCode = "compressed payload size was incorrect" - UnknownFrameType ErrorCode = "unknown frame type" - InvalidControlFrame ErrorCode = "invalid control frame" - InvalidDataFrame ErrorCode = "invalid data frame" - InvalidHeaderPresent ErrorCode = "frame contained invalid header" - ZeroStreamId ErrorCode = "stream id zero is disallowed" -) - -// Error contains both the type of error and additional values. StreamId is 0 -// if Error is not associated with a stream. -type Error struct { - Err ErrorCode - StreamId StreamId -} - -func (e *Error) Error() string { - return string(e.Err) -} - -var invalidReqHeaders = map[string]bool{ - "Connection": true, - "Host": true, - "Keep-Alive": true, - "Proxy-Connection": true, - "Transfer-Encoding": true, -} - -var invalidRespHeaders = map[string]bool{ - "Connection": true, - "Keep-Alive": true, - "Proxy-Connection": true, - "Transfer-Encoding": true, -} - -// Framer handles serializing/deserializing SPDY frames, including compressing/ -// decompressing payloads. 
-type Framer struct { - headerCompressionDisabled bool - w io.Writer - headerBuf *bytes.Buffer - headerCompressor *zlib.Writer - r io.Reader - headerReader io.LimitedReader - headerDecompressor io.ReadCloser -} - -// NewFramer allocates a new Framer for a given SPDY connection, represented by -// a io.Writer and io.Reader. Note that Framer will read and write individual fields -// from/to the Reader and Writer, so the caller should pass in an appropriately -// buffered implementation to optimize performance. -func NewFramer(w io.Writer, r io.Reader) (*Framer, error) { - compressBuf := new(bytes.Buffer) - compressor, err := zlib.NewWriterLevelDict(compressBuf, zlib.BestCompression, []byte(headerDictionary)) - if err != nil { - return nil, err - } - framer := &Framer{ - w: w, - headerBuf: compressBuf, - headerCompressor: compressor, - r: r, - } - return framer, nil -} diff --git a/vendor/github.com/moby/spdystream/spdy/write.go b/vendor/github.com/moby/spdystream/spdy/write.go deleted file mode 100644 index ab6d91f3b..000000000 --- a/vendor/github.com/moby/spdystream/spdy/write.go +++ /dev/null 
@@ -1,334 +0,0 @@
-/*
- Copyright 2014-2021 Docker Inc.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-*/
-
-// Copyright 2011 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package spdy
-
-import (
- "encoding/binary"
- "io"
- "net/http"
- "strings"
-)
-
-func (frame *SynStreamFrame) write(f *Framer) error {
- return f.writeSynStreamFrame(frame)
-}
-
-func (frame *SynReplyFrame) write(f *Framer) error {
- return f.writeSynReplyFrame(frame)
-}
-
-func (frame *RstStreamFrame) write(f *Framer) (err error) {
- if frame.StreamId == 0 {
- return &Error{ZeroStreamId, 0}
- }
- frame.CFHeader.version = Version
- frame.CFHeader.frameType = TypeRstStream
- frame.CFHeader.Flags = 0
- frame.CFHeader.length = 8
-
- // Serialize frame to Writer.
- if err = writeControlFrameHeader(f.w, frame.CFHeader); err != nil {
- return
- }
- if err = binary.Write(f.w, binary.BigEndian, frame.StreamId); err != nil {
- return
- }
- if frame.Status == 0 {
- return &Error{InvalidControlFrame, frame.StreamId}
- }
- if err = binary.Write(f.w, binary.BigEndian, frame.Status); err != nil {
- return
- }
- return
-}
-
-func (frame *SettingsFrame) write(f *Framer) (err error) {
- frame.CFHeader.version = Version
- frame.CFHeader.frameType = TypeSettings
- frame.CFHeader.length = uint32(len(frame.FlagIdValues)*8 + 4)
-
- // Serialize frame to Writer.
- if err = writeControlFrameHeader(f.w, frame.CFHeader); err != nil {
- return
- }
- if err = binary.Write(f.w, binary.BigEndian, uint32(len(frame.FlagIdValues))); err != nil {
- return
- }
- for _, flagIdValue := range frame.FlagIdValues {
- flagId := uint32(flagIdValue.Flag)<<24 | uint32(flagIdValue.Id)
- if err = binary.Write(f.w, binary.BigEndian, flagId); err != nil {
- return
- }
- if err = binary.Write(f.w, binary.BigEndian, flagIdValue.Value); err != nil {
- return
- }
- }
- return
-}
-
-func (frame *PingFrame) write(f *Framer) (err error) {
- if frame.Id == 0 {
- return &Error{ZeroStreamId, 0}
- }
- frame.CFHeader.version = Version
- frame.CFHeader.frameType = TypePing
- frame.CFHeader.Flags = 0
- frame.CFHeader.length = 4
-
- // Serialize frame to Writer.
- if err = writeControlFrameHeader(f.w, frame.CFHeader); err != nil {
- return
- }
- if err = binary.Write(f.w, binary.BigEndian, frame.Id); err != nil {
- return
- }
- return
-}
-
-func (frame *GoAwayFrame) write(f *Framer) (err error) {
- frame.CFHeader.version = Version
- frame.CFHeader.frameType = TypeGoAway
- frame.CFHeader.Flags = 0
- frame.CFHeader.length = 8
-
- // Serialize frame to Writer.
- if err = writeControlFrameHeader(f.w, frame.CFHeader); err != nil {
- return
- }
- if err = binary.Write(f.w, binary.BigEndian, frame.LastGoodStreamId); err != nil {
- return
- }
- if err = binary.Write(f.w, binary.BigEndian, frame.Status); err != nil {
- return
- }
- return nil
-}
-
-func (frame *HeadersFrame) write(f *Framer) error {
- return f.writeHeadersFrame(frame)
-}
-
-func (frame *WindowUpdateFrame) write(f *Framer) (err error) {
- frame.CFHeader.version = Version
- frame.CFHeader.frameType = TypeWindowUpdate
- frame.CFHeader.Flags = 0
- frame.CFHeader.length = 8
-
- // Serialize frame to Writer.
- if err = writeControlFrameHeader(f.w, frame.CFHeader); err != nil {
- return
- }
- if err = binary.Write(f.w, binary.BigEndian, frame.StreamId); err != nil {
- return
- }
- if err = binary.Write(f.w, binary.BigEndian, frame.DeltaWindowSize); err != nil {
- return
- }
- return nil
-}
-
-func (frame *DataFrame) write(f *Framer) error {
- return f.writeDataFrame(frame)
-}
-
-// WriteFrame writes a frame.
-func (f *Framer) WriteFrame(frame Frame) error {
- return frame.write(f)
-}
-
-func writeControlFrameHeader(w io.Writer, h ControlFrameHeader) error {
- if err := binary.Write(w, binary.BigEndian, 0x8000|h.version); err != nil {
- return err
- }
- if err := binary.Write(w, binary.BigEndian, h.frameType); err != nil {
- return err
- }
- flagsAndLength := uint32(h.Flags)<<24 | h.length
- if err := binary.Write(w, binary.BigEndian, flagsAndLength); err != nil {
- return err
- }
- return nil
-}
-
-func writeHeaderValueBlock(w io.Writer, h http.Header) (n int, err error) {
- n = 0
- if err = binary.Write(w, binary.BigEndian, uint32(len(h))); err != nil {
- return
- }
- n += 2
- for name, values := range h {
- if err = binary.Write(w, binary.BigEndian, uint32(len(name))); err != nil {
- return
- }
- n += 2
- name = strings.ToLower(name)
- if _, err = io.WriteString(w, name); err != nil {
- return
- }
- n += len(name)
- v := strings.Join(values, headerValueSeparator)
- if err = binary.Write(w, binary.BigEndian, uint32(len(v))); err != nil {
- return
- }
- n += 2
- if _, err = io.WriteString(w, v); err != nil {
- return
- }
- n += len(v)
- }
- return
-}
-
-func (f *Framer) writeSynStreamFrame(frame *SynStreamFrame) (err error) {
- if frame.StreamId == 0 {
- return &Error{ZeroStreamId, 0}
- }
- // Marshal the headers.
- var writer io.Writer = f.headerBuf
- if !f.headerCompressionDisabled {
- writer = f.headerCompressor
- }
- if _, err = writeHeaderValueBlock(writer, frame.Headers); err != nil {
- return
- }
- if !f.headerCompressionDisabled {
- f.headerCompressor.Flush()
- }
-
- // Set ControlFrameHeader.
- frame.CFHeader.version = Version
- frame.CFHeader.frameType = TypeSynStream
- frame.CFHeader.length = uint32(len(f.headerBuf.Bytes()) + 10)
-
- // Serialize frame to Writer.
- if err = writeControlFrameHeader(f.w, frame.CFHeader); err != nil {
- return err
- }
- if err = binary.Write(f.w, binary.BigEndian, frame.StreamId); err != nil {
- return err
- }
- if err = binary.Write(f.w, binary.BigEndian, frame.AssociatedToStreamId); err != nil {
- return err
- }
- if err = binary.Write(f.w, binary.BigEndian, frame.Priority<<5); err != nil {
- return err
- }
- if err = binary.Write(f.w, binary.BigEndian, frame.Slot); err != nil {
- return err
- }
- if _, err = f.w.Write(f.headerBuf.Bytes()); err != nil {
- return err
- }
- f.headerBuf.Reset()
- return nil
-}
-
-func (f *Framer) writeSynReplyFrame(frame *SynReplyFrame) (err error) {
- if frame.StreamId == 0 {
- return &Error{ZeroStreamId, 0}
- }
- // Marshal the headers.
- var writer io.Writer = f.headerBuf
- if !f.headerCompressionDisabled {
- writer = f.headerCompressor
- }
- if _, err = writeHeaderValueBlock(writer, frame.Headers); err != nil {
- return
- }
- if !f.headerCompressionDisabled {
- f.headerCompressor.Flush()
- }
-
- // Set ControlFrameHeader.
- frame.CFHeader.version = Version
- frame.CFHeader.frameType = TypeSynReply
- frame.CFHeader.length = uint32(len(f.headerBuf.Bytes()) + 4)
-
- // Serialize frame to Writer.
- if err = writeControlFrameHeader(f.w, frame.CFHeader); err != nil {
- return
- }
- if err = binary.Write(f.w, binary.BigEndian, frame.StreamId); err != nil {
- return
- }
- if _, err = f.w.Write(f.headerBuf.Bytes()); err != nil {
- return
- }
- f.headerBuf.Reset()
- return
-}
-
-func (f *Framer) writeHeadersFrame(frame *HeadersFrame) (err error) {
- if frame.StreamId == 0 {
- return &Error{ZeroStreamId, 0}
- }
- // Marshal the headers.
- var writer io.Writer = f.headerBuf
- if !f.headerCompressionDisabled {
- writer = f.headerCompressor
- }
- if _, err = writeHeaderValueBlock(writer, frame.Headers); err != nil {
- return
- }
- if !f.headerCompressionDisabled {
- f.headerCompressor.Flush()
- }
-
- // Set ControlFrameHeader.
- frame.CFHeader.version = Version
- frame.CFHeader.frameType = TypeHeaders
- frame.CFHeader.length = uint32(len(f.headerBuf.Bytes()) + 4)
-
- // Serialize frame to Writer.
- if err = writeControlFrameHeader(f.w, frame.CFHeader); err != nil {
- return
- }
- if err = binary.Write(f.w, binary.BigEndian, frame.StreamId); err != nil {
- return
- }
- if _, err = f.w.Write(f.headerBuf.Bytes()); err != nil {
- return
- }
- f.headerBuf.Reset()
- return
-}
-
-func (f *Framer) writeDataFrame(frame *DataFrame) (err error) {
- if frame.StreamId == 0 {
- return &Error{ZeroStreamId, 0}
- }
- if frame.StreamId&0x80000000 != 0 || len(frame.Data) > MaxDataLength {
- return &Error{InvalidDataFrame, frame.StreamId}
- }
-
- // Serialize frame to Writer.
- if err = binary.Write(f.w, binary.BigEndian, frame.StreamId); err != nil {
- return
- }
- flagsAndLength := uint32(frame.Flags)<<24 | uint32(len(frame.Data))
- if err = binary.Write(f.w, binary.BigEndian, flagsAndLength); err != nil {
- return
- }
- if _, err = f.w.Write(frame.Data); err != nil {
- return
- }
- return nil
-}
diff --git a/vendor/github.com/moby/spdystream/stream.go b/vendor/github.com/moby/spdystream/stream.go
deleted file mode 100644
index 404e3c02d..000000000
--- a/vendor/github.com/moby/spdystream/stream.go
+++ /dev/null
@@ -1,343 +0,0 @@
-/*
- Copyright 2014-2021 Docker Inc.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-*/
-
-package spdystream
-
-import (
- "errors"
- "fmt"
- "io"
- "net"
- "net/http"
- "sync"
- "time"
-
- "github.com/moby/spdystream/spdy"
-)
-
-var (
- ErrUnreadPartialData = errors.New("unread partial data")
-)
-
-type Stream struct {
- streamId spdy.StreamId
- parent *Stream
- conn *Connection
- startChan chan error
-
- dataLock sync.RWMutex
- dataChan chan []byte
- unread []byte
-
- priority uint8
- headers http.Header
- headerChan chan http.Header
- finishLock sync.Mutex
- finished bool
- replyCond *sync.Cond
- replied bool
- closeLock sync.Mutex
- closeChan chan bool
-}
-
-// WriteData writes data to stream, sending a dataframe per call
-func (s *Stream) WriteData(data []byte, fin bool) error {
- s.waitWriteReply()
- var flags spdy.DataFlags
-
- if fin {
- flags = spdy.DataFlagFin
- s.finishLock.Lock()
- if s.finished {
- s.finishLock.Unlock()
- return ErrWriteClosedStream
- }
- s.finished = true
- s.finishLock.Unlock()
- }
-
- dataFrame := &spdy.DataFrame{
- StreamId: s.streamId,
- Flags: flags,
- Data: data,
- }
-
- debugMessage("(%p) (%d) Writing data frame", s, s.streamId)
- return s.conn.framer.WriteFrame(dataFrame)
-}
-
-// Write writes bytes to a stream, calling write data for each call.
-func (s *Stream) Write(data []byte) (n int, err error) {
- err = s.WriteData(data, false)
- if err == nil {
- n = len(data)
- }
- return
-}
-
-// Read reads bytes from a stream, a single read will never get more
-// than what is sent on a single data frame, but a multiple calls to
-// read may get data from the same data frame.
-func (s *Stream) Read(p []byte) (n int, err error) {
- if s.unread == nil {
- select {
- case <-s.closeChan:
- return 0, io.EOF
- case read, ok := <-s.dataChan:
- if !ok {
- return 0, io.EOF
- }
- s.unread = read
- }
- }
- n = copy(p, s.unread)
- if n < len(s.unread) {
- s.unread = s.unread[n:]
- } else {
- s.unread = nil
- }
- return
-}
-
-// ReadData reads an entire data frame and returns the byte array
-// from the data frame. If there is unread data from the result
-// of a Read call, this function will return an ErrUnreadPartialData.
-func (s *Stream) ReadData() ([]byte, error) {
- debugMessage("(%p) Reading data from %d", s, s.streamId)
- if s.unread != nil {
- return nil, ErrUnreadPartialData
- }
- select {
- case <-s.closeChan:
- return nil, io.EOF
- case read, ok := <-s.dataChan:
- if !ok {
- return nil, io.EOF
- }
- return read, nil
- }
-}
-
-func (s *Stream) waitWriteReply() {
- if s.replyCond != nil {
- s.replyCond.L.Lock()
- for !s.replied {
- s.replyCond.Wait()
- }
- s.replyCond.L.Unlock()
- }
-}
-
-// Wait waits for the stream to receive a reply.
-func (s *Stream) Wait() error {
- return s.WaitTimeout(time.Duration(0))
-}
-
-// WaitTimeout waits for the stream to receive a reply or for timeout.
-// When the timeout is reached, ErrTimeout will be returned.
-func (s *Stream) WaitTimeout(timeout time.Duration) error {
- var timeoutChan <-chan time.Time
- if timeout > time.Duration(0) {
- timeoutChan = time.After(timeout)
- }
-
- select {
- case err := <-s.startChan:
- if err != nil {
- return err
- }
- break
- case <-timeoutChan:
- return ErrTimeout
- }
- return nil
-}
-
-// Close closes the stream by sending an empty data frame with the
-// finish flag set, indicating this side is finished with the stream.
-func (s *Stream) Close() error {
- select {
- case <-s.closeChan:
- // Stream is now fully closed
- s.conn.removeStream(s)
- default:
- break
- }
- return s.WriteData([]byte{}, true)
-}
-
-// Reset sends a reset frame, putting the stream into the fully closed state.
-func (s *Stream) Reset() error {
- s.conn.removeStream(s)
- return s.resetStream()
-}
-
-func (s *Stream) resetStream() error {
- // Always call closeRemoteChannels, even if s.finished is already true.
- // This makes it so that stream.Close() followed by stream.Reset() allows
- // stream.Read() to unblock.
- s.closeRemoteChannels()
-
- s.finishLock.Lock()
- if s.finished {
- s.finishLock.Unlock()
- return nil
- }
- s.finished = true
- s.finishLock.Unlock()
-
- resetFrame := &spdy.RstStreamFrame{
- StreamId: s.streamId,
- Status: spdy.Cancel,
- }
- return s.conn.framer.WriteFrame(resetFrame)
-}
-
-// CreateSubStream creates a stream using the current as the parent
-func (s *Stream) CreateSubStream(headers http.Header, fin bool) (*Stream, error) {
- return s.conn.CreateStream(headers, s, fin)
-}
-
-// SetPriority sets the stream priority, does not affect the
-// remote priority of this stream after Open has been called.
-// Valid values are 0 through 7, 0 being the highest priority
-// and 7 the lowest.
-func (s *Stream) SetPriority(priority uint8) {
- s.priority = priority
-}
-
-// SendHeader sends a header frame across the stream
-func (s *Stream) SendHeader(headers http.Header, fin bool) error {
- return s.conn.sendHeaders(headers, s, fin)
-}
-
-// SendReply sends a reply on a stream, only valid to be called once
-// when handling a new stream
-func (s *Stream) SendReply(headers http.Header, fin bool) error {
- if s.replyCond == nil {
- return errors.New("cannot reply on initiated stream")
- }
- s.replyCond.L.Lock()
- defer s.replyCond.L.Unlock()
- if s.replied {
- return nil
- }
-
- err := s.conn.sendReply(headers, s, fin)
- if err != nil {
- return err
- }
-
- s.replied = true
- s.replyCond.Broadcast()
- return nil
-}
-
-// Refuse sends a reset frame with the status refuse, only
-// valid to be called once when handling a new stream. This
-// may be used to indicate that a stream is not allowed
-// when http status codes are not being used.
-func (s *Stream) Refuse() error {
- if s.replied {
- return nil
- }
- s.replied = true
- return s.conn.sendReset(spdy.RefusedStream, s)
-}
-
-// Cancel sends a reset frame with the status canceled. This
-// can be used at any time by the creator of the Stream to
-// indicate the stream is no longer needed.
-func (s *Stream) Cancel() error {
- return s.conn.sendReset(spdy.Cancel, s)
-}
-
-// ReceiveHeader receives a header sent on the other side
-// of the stream. This function will block until a header
-// is received or stream is closed.
-func (s *Stream) ReceiveHeader() (http.Header, error) {
- select {
- case <-s.closeChan:
- break
- case header, ok := <-s.headerChan:
- if !ok {
- return nil, fmt.Errorf("header chan closed")
- }
- return header, nil
- }
- return nil, fmt.Errorf("stream closed")
-}
-
-// Parent returns the parent stream
-func (s *Stream) Parent() *Stream {
- return s.parent
-}
-
-// Headers returns the headers used to create the stream
-func (s *Stream) Headers() http.Header {
- return s.headers
-}
-
-// String returns the string version of stream using the
-// streamId to uniquely identify the stream
-func (s *Stream) String() string {
- return fmt.Sprintf("stream:%d", s.streamId)
-}
-
-// Identifier returns a 32 bit identifier for the stream
-func (s *Stream) Identifier() uint32 {
- return uint32(s.streamId)
-}
-
-// IsFinished returns whether the stream has finished
-// sending data
-func (s *Stream) IsFinished() bool {
- return s.finished
-}
-
-// Implement net.Conn interface
-
-func (s *Stream) LocalAddr() net.Addr {
- return s.conn.conn.LocalAddr()
-}
-
-func (s *Stream) RemoteAddr() net.Addr {
- return s.conn.conn.RemoteAddr()
-}
-
-// TODO set per stream values instead of connection-wide
-
-func (s *Stream) SetDeadline(t time.Time) error {
- return s.conn.conn.SetDeadline(t)
-}
-
-func (s *Stream) SetReadDeadline(t time.Time) error {
- return s.conn.conn.SetReadDeadline(t)
-}
-
-func (s *Stream) SetWriteDeadline(t time.Time) error {
- return s.conn.conn.SetWriteDeadline(t)
-}
-
-func (s *Stream) closeRemoteChannels() {
- s.closeLock.Lock()
- defer s.closeLock.Unlock()
- select {
- case <-s.closeChan:
- default:
- close(s.closeChan)
- }
-}
diff --git a/vendor/github.com/moby/spdystream/utils.go b/vendor/github.com/moby/spdystream/utils.go
deleted file mode 100644
index e9f7fffd6..000000000
--- a/vendor/github.com/moby/spdystream/utils.go
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- Copyright 2014-2021 Docker Inc.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-*/
-
-package spdystream
-
-import (
- "log"
- "os"
-)
-
-var (
- DEBUG = os.Getenv("DEBUG")
-)
-
-func debugMessage(fmt string, args ...interface{}) {
- if DEBUG != "" {
- log.Printf(fmt, args...)
- }
-}
diff --git a/vendor/k8s.io/apimachinery/pkg/util/httpstream/doc.go b/vendor/k8s.io/apimachinery/pkg/util/httpstream/doc.go
deleted file mode 100644
index 5893df5bd..000000000
--- a/vendor/k8s.io/apimachinery/pkg/util/httpstream/doc.go
+++ /dev/null
@@ -1,19 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Package httpstream adds multiplexed streaming support to HTTP requests and
-// responses via connection upgrades.
-package httpstream // import "k8s.io/apimachinery/pkg/util/httpstream"
diff --git a/vendor/k8s.io/apimachinery/pkg/util/httpstream/httpstream.go b/vendor/k8s.io/apimachinery/pkg/util/httpstream/httpstream.go
deleted file mode 100644
index 00ce5f785..000000000
--- a/vendor/k8s.io/apimachinery/pkg/util/httpstream/httpstream.go
+++ /dev/null
@@ -1,157 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package httpstream
-
-import (
- "fmt"
- "io"
- "net/http"
- "strings"
- "time"
-)
-
-const (
- HeaderConnection = "Connection"
- HeaderUpgrade = "Upgrade"
- HeaderProtocolVersion = "X-Stream-Protocol-Version"
- HeaderAcceptedProtocolVersions = "X-Accepted-Stream-Protocol-Versions"
-)
-
-// NewStreamHandler defines a function that is called when a new Stream is
-// received. If no error is returned, the Stream is accepted; otherwise,
-// the stream is rejected. After the reply frame has been sent, replySent is closed.
-type NewStreamHandler func(stream Stream, replySent <-chan struct{}) error
-
-// NoOpNewStreamHandler is a stream handler that accepts a new stream and
-// performs no other logic.
-func NoOpNewStreamHandler(stream Stream, replySent <-chan struct{}) error { return nil }
-
-// Dialer knows how to open a streaming connection to a server.
-type Dialer interface {
-
- // Dial opens a streaming connection to a server using one of the protocols
- // specified (in order of most preferred to least preferred).
- Dial(protocols ...string) (Connection, string, error)
-}
-
-// UpgradeRoundTripper is a type of http.RoundTripper that is able to upgrade
-// HTTP requests to support multiplexed bidirectional streams. After RoundTrip()
-// is invoked, if the upgrade is successful, clients may retrieve the upgraded
-// connection by calling UpgradeRoundTripper.Connection().
-type UpgradeRoundTripper interface {
- http.RoundTripper
- // NewConnection validates the response and creates a new Connection.
- NewConnection(resp *http.Response) (Connection, error)
-}
-
-// ResponseUpgrader knows how to upgrade HTTP requests and responses to
-// add streaming support to them.
-type ResponseUpgrader interface {
- // UpgradeResponse upgrades an HTTP response to one that supports multiplexed
- // streams. newStreamHandler will be called asynchronously whenever the
- // other end of the upgraded connection creates a new stream.
- UpgradeResponse(w http.ResponseWriter, req *http.Request, newStreamHandler NewStreamHandler) Connection
-}
-
-// Connection represents an upgraded HTTP connection.
-type Connection interface {
- // CreateStream creates a new Stream with the supplied headers.
- CreateStream(headers http.Header) (Stream, error)
- // Close resets all streams and closes the connection.
- Close() error
- // CloseChan returns a channel that is closed when the underlying connection is closed.
- CloseChan() <-chan bool
- // SetIdleTimeout sets the amount of time the connection may remain idle before
- // it is automatically closed.
- SetIdleTimeout(timeout time.Duration)
-}
-
-// Stream represents a bidirectional communications channel that is part of an
-// upgraded connection.
-type Stream interface {
- io.ReadWriteCloser
- // Reset closes both directions of the stream, indicating that neither client
- // or server can use it any more.
- Reset() error
- // Headers returns the headers used to create the stream.
- Headers() http.Header
- // Identifier returns the stream's ID.
- Identifier() uint32
-}
-
-// IsUpgradeRequest returns true if the given request is a connection upgrade request
-func IsUpgradeRequest(req *http.Request) bool {
- for _, h := range req.Header[http.CanonicalHeaderKey(HeaderConnection)] {
- if strings.Contains(strings.ToLower(h), strings.ToLower(HeaderUpgrade)) {
- return true
- }
- }
- return false
-}
-
-func negotiateProtocol(clientProtocols, serverProtocols []string) string {
- for i := range clientProtocols {
- for j := range serverProtocols {
- if clientProtocols[i] == serverProtocols[j] {
- return clientProtocols[i]
- }
- }
- }
- return ""
-}
-
-func commaSeparatedHeaderValues(header []string) []string {
- var parsedClientProtocols []string
- for i := range header {
- for _, clientProtocol := range strings.Split(header[i], ",") {
- if proto := strings.Trim(clientProtocol, " "); len(proto) > 0 {
- parsedClientProtocols = append(parsedClientProtocols, proto)
- }
- }
- }
- return parsedClientProtocols
-}
-
-// Handshake performs a subprotocol negotiation. If the client did request a
-// subprotocol, Handshake will select the first common value found in
-// serverProtocols. If a match is found, Handshake adds a response header
-// indicating the chosen subprotocol. If no match is found, HTTP forbidden is
-// returned, along with a response header containing the list of protocols the
-// server can accept.
-func Handshake(req *http.Request, w http.ResponseWriter, serverProtocols []string) (string, error) {
- clientProtocols := commaSeparatedHeaderValues(req.Header[http.CanonicalHeaderKey(HeaderProtocolVersion)])
- if len(clientProtocols) == 0 {
- return "", fmt.Errorf("unable to upgrade: %s is required", HeaderProtocolVersion)
- }
-
- if len(serverProtocols) == 0 {
- panic(fmt.Errorf("unable to upgrade: serverProtocols is required"))
- }
-
- negotiatedProtocol := negotiateProtocol(clientProtocols, serverProtocols)
- if len(negotiatedProtocol) == 0 {
- for i := range serverProtocols {
- w.Header().Add(HeaderAcceptedProtocolVersions, serverProtocols[i])
- }
- err := fmt.Errorf("unable to upgrade: unable to negotiate protocol: client supports %v, server accepts %v", clientProtocols, serverProtocols)
- http.Error(w, err.Error(), http.StatusForbidden)
- return "", err
- }
-
- w.Header().Add(HeaderProtocolVersion, negotiatedProtocol)
- return negotiatedProtocol, nil
-}
diff --git a/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/connection.go b/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/connection.go
deleted file mode 100644
index 21b2568d9..000000000
--- a/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/connection.go
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package spdy
-
-import (
- "net"
- "net/http"
- "sync"
- "time"
-
- "github.com/moby/spdystream"
- "k8s.io/apimachinery/pkg/util/httpstream"
- "k8s.io/klog/v2"
-)
-
-// connection maintains state about a spdystream.Connection and its associated
-// streams.
-type connection struct {
- conn *spdystream.Connection
- streams []httpstream.Stream
- streamLock sync.Mutex
- newStreamHandler httpstream.NewStreamHandler
- ping func() (time.Duration, error)
-}
-
-// NewClientConnection creates a new SPDY client connection.
-func NewClientConnection(conn net.Conn) (httpstream.Connection, error) {
- return NewClientConnectionWithPings(conn, 0)
-}
-
-// NewClientConnectionWithPings creates a new SPDY client connection.
-//
-// If pingPeriod is non-zero, a background goroutine will send periodic Ping
-// frames to the server. Use this to keep idle connections through certain load
-// balancers alive longer.
-func NewClientConnectionWithPings(conn net.Conn, pingPeriod time.Duration) (httpstream.Connection, error) {
- spdyConn, err := spdystream.NewConnection(conn, false)
- if err != nil {
- defer conn.Close()
- return nil, err
- }
-
- return newConnection(spdyConn, httpstream.NoOpNewStreamHandler, pingPeriod, spdyConn.Ping), nil
-}
-
-// NewServerConnection creates a new SPDY server connection. newStreamHandler
-// will be invoked when the server receives a newly created stream from the
-// client.
-func NewServerConnection(conn net.Conn, newStreamHandler httpstream.NewStreamHandler) (httpstream.Connection, error) {
- return NewServerConnectionWithPings(conn, newStreamHandler, 0)
-}
-
-// NewServerConnectionWithPings creates a new SPDY server connection.
-// newStreamHandler will be invoked when the server receives a newly created
-// stream from the client.
-//
-// If pingPeriod is non-zero, a background goroutine will send periodic Ping
-// frames to the server. Use this to keep idle connections through certain load
-// balancers alive longer.
-func NewServerConnectionWithPings(conn net.Conn, newStreamHandler httpstream.NewStreamHandler, pingPeriod time.Duration) (httpstream.Connection, error) {
- spdyConn, err := spdystream.NewConnection(conn, true)
- if err != nil {
- defer conn.Close()
- return nil, err
- }
-
- return newConnection(spdyConn, newStreamHandler, pingPeriod, spdyConn.Ping), nil
-}
-
-// newConnection returns a new connection wrapping conn. newStreamHandler
-// will be invoked when the server receives a newly created stream from the
-// client.
-func newConnection(conn *spdystream.Connection, newStreamHandler httpstream.NewStreamHandler, pingPeriod time.Duration, pingFn func() (time.Duration, error)) httpstream.Connection {
- c := &connection{conn: conn, newStreamHandler: newStreamHandler, ping: pingFn}
- go conn.Serve(c.newSpdyStream)
- if pingPeriod > 0 && pingFn != nil {
- go c.sendPings(pingPeriod)
- }
- return c
-}
-
-// createStreamResponseTimeout indicates how long to wait for the other side to
-// acknowledge the new stream before timing out.
-const createStreamResponseTimeout = 30 * time.Second
-
-// Close first sends a reset for all of the connection's streams, and then
-// closes the underlying spdystream.Connection.
-func (c *connection) Close() error {
- c.streamLock.Lock()
- for _, s := range c.streams {
- // calling Reset instead of Close ensures that all streams are fully torn down
- s.Reset()
- }
- c.streams = make([]httpstream.Stream, 0)
- c.streamLock.Unlock()
-
- // now that all streams are fully torn down, it's safe to call close on the underlying connection,
- // which should be able to terminate immediately at this point, instead of waiting for any
- // remaining graceful stream termination.
- return c.conn.Close()
-}
-
-// CreateStream creates a new stream with the specified headers and registers
-// it with the connection.
-func (c *connection) CreateStream(headers http.Header) (httpstream.Stream, error) {
- stream, err := c.conn.CreateStream(headers, nil, false)
- if err != nil {
- return nil, err
- }
- if err = stream.WaitTimeout(createStreamResponseTimeout); err != nil {
- return nil, err
- }
-
- c.registerStream(stream)
- return stream, nil
-}
-
-// registerStream adds the stream s to the connection's list of streams that
-// it owns.
-func (c *connection) registerStream(s httpstream.Stream) {
- c.streamLock.Lock()
- c.streams = append(c.streams, s)
- c.streamLock.Unlock()
-}
-
-// CloseChan returns a channel that, when closed, indicates that the underlying
-// spdystream.Connection has been closed.
-func (c *connection) CloseChan() <-chan bool {
- return c.conn.CloseChan()
-}
-
-// newSpdyStream is the internal new stream handler used by spdystream.Connection.Serve.
-// It calls connection's newStreamHandler, giving it the opportunity to accept or reject
-// the stream. If newStreamHandler returns an error, the stream is rejected. If not, the
-// stream is accepted and registered with the connection.
-func (c *connection) newSpdyStream(stream *spdystream.Stream) {
- replySent := make(chan struct{})
- err := c.newStreamHandler(stream, replySent)
- rejectStream := (err != nil)
- if rejectStream {
- klog.Warningf("Stream rejected: %v", err)
- stream.Reset()
- return
- }
-
- c.registerStream(stream)
- stream.SendReply(http.Header{}, rejectStream)
- close(replySent)
-}
-
-// SetIdleTimeout sets the amount of time the connection may remain idle before
-// it is automatically closed.
-func (c *connection) SetIdleTimeout(timeout time.Duration) {
- c.conn.SetIdleTimeout(timeout)
-}
-
-func (c *connection) sendPings(period time.Duration) {
- t := time.NewTicker(period)
- defer t.Stop()
- for {
- select {
- case <-c.conn.CloseChan():
- return
- case <-t.C:
- }
- if _, err := c.ping(); err != nil {
- klog.V(3).Infof("SPDY Ping failed: %v", err)
- // Continue, in case this is a transient failure.
- // c.conn.CloseChan above will tell us when the connection is
- // actually closed.
- }
- }
-}
diff --git a/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go b/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go
deleted file mode 100644
index 4cb1cfadc..000000000
--- a/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go
+++ /dev/null
@@ -1,369 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package spdy
-
-import (
- "bufio"
- "bytes"
- "context"
- "crypto/tls"
- "encoding/base64"
- "fmt"
- "io"
- "io/ioutil"
- "net"
- "net/http"
- "net/http/httputil"
- "net/url"
- "strings"
- "time"
-
- apierrors "k8s.io/apimachinery/pkg/api/errors"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/serializer"
- "k8s.io/apimachinery/pkg/util/httpstream"
- utilnet "k8s.io/apimachinery/pkg/util/net"
- "k8s.io/apimachinery/third_party/forked/golang/netutil"
-)
-
-// SpdyRoundTripper knows how to upgrade an HTTP request to one that supports
-// multiplexed streams. After RoundTrip() is invoked, Conn will be set
-// and usable. SpdyRoundTripper implements the UpgradeRoundTripper interface.
-type SpdyRoundTripper struct {
- //tlsConfig holds the TLS configuration settings to use when connecting
- //to the remote server.
- tlsConfig *tls.Config
-
- /* TODO according to http://golang.org/pkg/net/http/#RoundTripper, a RoundTripper
- must be safe for use by multiple concurrent goroutines. If this is absolutely
- necessary, we could keep a map from http.Request to net.Conn. In practice,
- a client will create an http.Client, set the transport to a new insteace of
- SpdyRoundTripper, and use it a single time, so this hopefully won't be an issue.
- */
- // conn is the underlying network connection to the remote server.
- conn net.Conn
-
- // Dialer is the dialer used to connect. Used if non-nil.
- Dialer *net.Dialer
-
- // proxier knows which proxy to use given a request, defaults to http.ProxyFromEnvironment
- // Used primarily for mocking the proxy discovery in tests.
- proxier func(req *http.Request) (*url.URL, error)
-
- // followRedirects indicates if the round tripper should examine responses for redirects and
- // follow them.
- followRedirects bool
- // requireSameHostRedirects restricts redirect following to only follow redirects to the same host
- // as the original request.
- requireSameHostRedirects bool
- // pingPeriod is a period for sending Ping frames over established
- // connections.
- pingPeriod time.Duration
-}
-
-var _ utilnet.TLSClientConfigHolder = &SpdyRoundTripper{}
-var _ httpstream.UpgradeRoundTripper = &SpdyRoundTripper{}
-var _ utilnet.Dialer = &SpdyRoundTripper{}
-
-// NewRoundTripper creates a new SpdyRoundTripper that will use the specified
-// tlsConfig.
-func NewRoundTripper(tlsConfig *tls.Config, followRedirects, requireSameHostRedirects bool) *SpdyRoundTripper {
- return NewRoundTripperWithConfig(RoundTripperConfig{
- TLS: tlsConfig,
- FollowRedirects: followRedirects,
- RequireSameHostRedirects: requireSameHostRedirects,
- })
-}
-
-// NewRoundTripperWithProxy creates a new SpdyRoundTripper that will use the
-// specified tlsConfig and proxy func.
-func NewRoundTripperWithProxy(tlsConfig *tls.Config, followRedirects, requireSameHostRedirects bool, proxier func(*http.Request) (*url.URL, error)) *SpdyRoundTripper {
- return NewRoundTripperWithConfig(RoundTripperConfig{
- TLS: tlsConfig,
- FollowRedirects: followRedirects,
- RequireSameHostRedirects: requireSameHostRedirects,
- Proxier: proxier,
- })
-}
-
-// NewRoundTripperWithProxy creates a new SpdyRoundTripper with the specified
-// configuration.
-func NewRoundTripperWithConfig(cfg RoundTripperConfig) *SpdyRoundTripper {
- if cfg.Proxier == nil {
- cfg.Proxier = utilnet.NewProxierWithNoProxyCIDR(http.ProxyFromEnvironment)
- }
- return &SpdyRoundTripper{
- tlsConfig: cfg.TLS,
- followRedirects: cfg.FollowRedirects,
- requireSameHostRedirects: cfg.RequireSameHostRedirects,
- proxier: cfg.Proxier,
- pingPeriod: cfg.PingPeriod,
- }
-}
-
-// RoundTripperConfig is a set of options for an SpdyRoundTripper.
-type RoundTripperConfig struct {
- // TLS configuration used by the round tripper.
- TLS *tls.Config
- // Proxier is a proxy function invoked on each request. Optional.
- Proxier func(*http.Request) (*url.URL, error)
- // PingPeriod is a period for sending SPDY Pings on the connection.
- // Optional.
- PingPeriod time.Duration
-
- FollowRedirects bool
- RequireSameHostRedirects bool
-}
-
-// TLSClientConfig implements pkg/util/net.TLSClientConfigHolder for proper TLS checking during
-// proxying with a spdy roundtripper.
-func (s *SpdyRoundTripper) TLSClientConfig() *tls.Config {
- return s.tlsConfig
-}
-
-// Dial implements k8s.io/apimachinery/pkg/util/net.Dialer.
-func (s *SpdyRoundTripper) Dial(req *http.Request) (net.Conn, error) {
- conn, err := s.dial(req)
- if err != nil {
- return nil, err
- }
-
- if err := req.Write(conn); err != nil {
- conn.Close()
- return nil, err
- }
-
- return conn, nil
-}
-
-// dial dials the host specified by req, using TLS if appropriate, optionally
-// using a proxy server if one is configured via environment variables.
-func (s *SpdyRoundTripper) dial(req *http.Request) (net.Conn, error) {
- proxyURL, err := s.proxier(req)
- if err != nil {
- return nil, err
- }
-
- if proxyURL == nil {
- return s.dialWithoutProxy(req.Context(), req.URL)
- }
-
- // ensure we use a canonical host with proxyReq
- targetHost := netutil.CanonicalAddr(req.URL)
-
- // proxying logic adapted from http://blog.h6t.eu/post/74098062923/golang-websocket-with-http-proxy-support
- proxyReq := http.Request{
- Method: "CONNECT",
- URL: &url.URL{},
- Host: targetHost,
- }
-
- if pa := s.proxyAuth(proxyURL); pa != "" {
- proxyReq.Header = http.Header{}
- proxyReq.Header.Set("Proxy-Authorization", pa)
- }
-
- proxyDialConn, err := s.dialWithoutProxy(req.Context(), proxyURL)
- if err != nil {
- return nil, err
- }
-
- proxyClientConn := httputil.NewProxyClientConn(proxyDialConn, nil)
- _, err = proxyClientConn.Do(&proxyReq)
- if err != nil && err != httputil.ErrPersistEOF {
- return nil, err
- }
-
- rwc, _ := proxyClientConn.Hijack()
-
- if req.URL.Scheme != "https" {
- return rwc, nil
- }
-
- host, _, err := net.SplitHostPort(targetHost)
- if err != nil {
- return nil, err
- }
-
- tlsConfig := s.tlsConfig
- switch {
- case tlsConfig == nil:
- tlsConfig = &tls.Config{ServerName: host}
- case len(tlsConfig.ServerName) == 0:
- tlsConfig = tlsConfig.Clone()
- tlsConfig.ServerName = host
- }
-
- tlsConn := tls.Client(rwc, tlsConfig)
-
- // need to manually call Handshake() so we can call VerifyHostname() below
- if err := tlsConn.Handshake(); err != nil {
- return nil, err
- }
-
- // Return if we were configured to skip validation
- if tlsConfig.InsecureSkipVerify {
- return tlsConn, nil
- }
-
- if err := tlsConn.VerifyHostname(tlsConfig.ServerName); err != nil {
- return nil, err
- }
-
- return tlsConn, nil
-}
-
-// dialWithoutProxy dials the host specified by url, using TLS if appropriate.
-func (s *SpdyRoundTripper) dialWithoutProxy(ctx context.Context, url *url.URL) (net.Conn, error) {
- dialAddr := netutil.CanonicalAddr(url)
-
- if url.Scheme == "http" {
- if s.Dialer == nil {
- var d net.Dialer
- return d.DialContext(ctx, "tcp", dialAddr)
- } else {
- return s.Dialer.DialContext(ctx, "tcp", dialAddr)
- }
- }
-
- // TODO validate the TLSClientConfig is set up?
- var conn *tls.Conn
- var err error
- if s.Dialer == nil {
- conn, err = tls.Dial("tcp", dialAddr, s.tlsConfig)
- } else {
- conn, err = tls.DialWithDialer(s.Dialer, "tcp", dialAddr, s.tlsConfig)
- }
- if err != nil {
- return nil, err
- }
-
- // Return if we were configured to skip validation
- if s.tlsConfig != nil && s.tlsConfig.InsecureSkipVerify {
- return conn, nil
- }
-
- host, _, err := net.SplitHostPort(dialAddr)
- if err != nil {
- return nil, err
- }
- if s.tlsConfig != nil && len(s.tlsConfig.ServerName) > 0 {
- host = s.tlsConfig.ServerName
- }
- err = conn.VerifyHostname(host)
- if err != nil {
- return nil, err
- }
-
- return conn, nil
-}
-
-// proxyAuth returns, for a given proxy URL, the value to be used for the Proxy-Authorization header
-func (s *SpdyRoundTripper) proxyAuth(proxyURL *url.URL) string {
- if proxyURL == nil || proxyURL.User == nil {
- return ""
- }
- credentials := proxyURL.User.String()
- encodedAuth := base64.StdEncoding.EncodeToString([]byte(credentials))
- return fmt.Sprintf("Basic %s", encodedAuth)
-}
-
-// RoundTrip executes the Request and upgrades it. After a successful upgrade,
-// clients may call SpdyRoundTripper.Connection() to retrieve the upgraded
-// connection.
-func (s *SpdyRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
- header := utilnet.CloneHeader(req.Header)
- header.Add(httpstream.HeaderConnection, httpstream.HeaderUpgrade)
- header.Add(httpstream.HeaderUpgrade, HeaderSpdy31)
-
- var (
- conn net.Conn
- rawResponse []byte
- err error
- )
-
- if s.followRedirects {
- conn, rawResponse, err = utilnet.ConnectWithRedirects(req.Method, req.URL, header, req.Body, s, s.requireSameHostRedirects)
- } else {
- clone := utilnet.CloneRequest(req)
- clone.Header = header
- conn, err = s.Dial(clone)
- }
- if err != nil {
- return nil, err
- }
-
- responseReader := bufio.NewReader(
- io.MultiReader(
- bytes.NewBuffer(rawResponse),
- conn,
- ),
- )
-
- resp, err := http.ReadResponse(responseReader, nil)
- if err != nil {
- if conn != nil {
- conn.Close()
- }
- return nil, err
- }
-
- s.conn = conn
-
- return resp, nil
-}
-
-// NewConnection validates the upgrade response, creating and returning a new
-// httpstream.Connection if there were no errors.
-func (s *SpdyRoundTripper) NewConnection(resp *http.Response) (httpstream.Connection, error) {
- connectionHeader := strings.ToLower(resp.Header.Get(httpstream.HeaderConnection))
- upgradeHeader := strings.ToLower(resp.Header.Get(httpstream.HeaderUpgrade))
- if (resp.StatusCode != http.StatusSwitchingProtocols) || !strings.Contains(connectionHeader, strings.ToLower(httpstream.HeaderUpgrade)) || !strings.Contains(upgradeHeader, strings.ToLower(HeaderSpdy31)) {
- defer resp.Body.Close()
- responseError := ""
- responseErrorBytes, err := ioutil.ReadAll(resp.Body)
- if err != nil {
- responseError = "unable to read error from server response"
- } else {
- // TODO: I don't belong here, I should be abstracted from this class
- if obj, _, err := statusCodecs.UniversalDecoder().Decode(responseErrorBytes, nil, &metav1.Status{}); err == nil {
- if status, ok := obj.(*metav1.Status); ok {
- return nil, &apierrors.StatusError{ErrStatus: *status}
- }
- }
- responseError = string(responseErrorBytes)
- responseError = strings.TrimSpace(responseError)
- }
-
- return nil, fmt.Errorf("unable to upgrade connection: %s", responseError)
- }
-
- return NewClientConnectionWithPings(s.conn, s.pingPeriod)
-}
-
-// statusScheme is private scheme for the decoding here until someone fixes the TODO in NewConnection
-var statusScheme = runtime.NewScheme()
-
-// ParameterCodec knows about query parameters used with the meta v1 API spec.
-var statusCodecs = serializer.NewCodecFactory(statusScheme)
-
-func init() {
- statusScheme.AddUnversionedTypes(metav1.SchemeGroupVersion,
- &metav1.Status{},
- )
-}
diff --git a/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/upgrade.go b/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/upgrade.go
deleted file mode 100644
index f17eb09e9..000000000
--- a/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/upgrade.go
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package spdy
-
-import (
- "bufio"
- "fmt"
- "io"
- "net"
- "net/http"
- "strings"
- "sync/atomic"
- "time"
-
- "k8s.io/apimachinery/pkg/util/httpstream"
- "k8s.io/apimachinery/pkg/util/runtime"
-)
-
-const HeaderSpdy31 = "SPDY/3.1"
-
-// responseUpgrader knows how to upgrade HTTP responses. It
-// implements the httpstream.ResponseUpgrader interface.
-type responseUpgrader struct {
- pingPeriod time.Duration
-}
-
-// connWrapper is used to wrap a hijacked connection and its bufio.Reader. All
-// calls will be handled directly by the underlying net.Conn with the exception
-// of Read and Close calls, which will consider data in the bufio.Reader. This
-// ensures that data already inside the used bufio.Reader instance is also
-// read.
-type connWrapper struct {
- net.Conn
- closed int32
- bufReader *bufio.Reader
-}
-
-func (w *connWrapper) Read(b []byte) (n int, err error) {
- if atomic.LoadInt32(&w.closed) == 1 {
- return 0, io.EOF
- }
- return w.bufReader.Read(b)
-}
-
-func (w *connWrapper) Close() error {
- err := w.Conn.Close()
- atomic.StoreInt32(&w.closed, 1)
- return err
-}
-
-// NewResponseUpgrader returns a new httpstream.ResponseUpgrader that is
-// capable of upgrading HTTP responses using SPDY/3.1 via the
-// spdystream package.
-func NewResponseUpgrader() httpstream.ResponseUpgrader {
- return NewResponseUpgraderWithPings(0)
-}
-
-// NewResponseUpgraderWithPings returns a new httpstream.ResponseUpgrader that
-// is capable of upgrading HTTP responses using SPDY/3.1 via the spdystream
-// package.
-//
-// If pingPeriod is non-zero, for each incoming connection a background
-// goroutine will send periodic Ping frames to the server. Use this to keep
-// idle connections through certain load balancers alive longer.
-func NewResponseUpgraderWithPings(pingPeriod time.Duration) httpstream.ResponseUpgrader {
- return responseUpgrader{pingPeriod: pingPeriod}
-}
-
-// UpgradeResponse upgrades an HTTP response to one that supports multiplexed
-// streams. newStreamHandler will be called synchronously whenever the
-// other end of the upgraded connection creates a new stream.
-func (u responseUpgrader) UpgradeResponse(w http.ResponseWriter, req *http.Request, newStreamHandler httpstream.NewStreamHandler) httpstream.Connection {
- connectionHeader := strings.ToLower(req.Header.Get(httpstream.HeaderConnection))
- upgradeHeader := strings.ToLower(req.Header.Get(httpstream.HeaderUpgrade))
- if !strings.Contains(connectionHeader, strings.ToLower(httpstream.HeaderUpgrade)) || !strings.Contains(upgradeHeader, strings.ToLower(HeaderSpdy31)) {
- errorMsg := fmt.Sprintf("unable to upgrade: missing upgrade headers in request: %#v", req.Header)
- http.Error(w, errorMsg, http.StatusBadRequest)
- return nil
- }
-
- hijacker, ok := w.(http.Hijacker)
- if !ok {
- errorMsg := fmt.Sprintf("unable to upgrade: unable to hijack response")
- http.Error(w, errorMsg, http.StatusInternalServerError)
- return nil
- }
-
- w.Header().Add(httpstream.HeaderConnection, httpstream.HeaderUpgrade)
- w.Header().Add(httpstream.HeaderUpgrade, HeaderSpdy31)
- w.WriteHeader(http.StatusSwitchingProtocols)
-
- conn, bufrw, err := hijacker.Hijack()
- if err != nil {
- runtime.HandleError(fmt.Errorf("unable to upgrade: error hijacking response: %v", err))
- return nil
- }
-
- connWithBuf := &connWrapper{Conn: conn, bufReader: bufrw.Reader}
- spdyConn, err := NewServerConnectionWithPings(connWithBuf, newStreamHandler, u.pingPeriod)
- if err != nil {
- runtime.HandleError(fmt.Errorf("unable to upgrade: error creating SPDY server connection: %v", err))
- return nil
- }
-
- return spdyConn
-}
diff --git a/vendor/k8s.io/apimachinery/pkg/util/remotecommand/constants.go b/vendor/k8s.io/apimachinery/pkg/util/remotecommand/constants.go
deleted file mode 100644
index acfeb827c..000000000
--- a/vendor/k8s.io/apimachinery/pkg/util/remotecommand/constants.go
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package remotecommand
-
-import (
- "time"
-
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-const (
- DefaultStreamCreationTimeout = 30 * time.Second
-
- // The SPDY subprotocol "channel.k8s.io" is used for remote command
- // attachment/execution. This represents the initial unversioned subprotocol,
- // which has the known bugs http://issues.k8s.io/13394 and
- // http://issues.k8s.io/13395.
- StreamProtocolV1Name = "channel.k8s.io"
-
- // The SPDY subprotocol "v2.channel.k8s.io" is used for remote command
- // attachment/execution. It is the second version of the subprotocol and
- // resolves the issues present in the first version.
- StreamProtocolV2Name = "v2.channel.k8s.io"
-
- // The SPDY subprotocol "v3.channel.k8s.io" is used for remote command
- // attachment/execution. It is the third version of the subprotocol and
- // adds support for resizing container terminals.
- StreamProtocolV3Name = "v3.channel.k8s.io"
-
- // The SPDY subprotocol "v4.channel.k8s.io" is used for remote command
- // attachment/execution. It is the 4th version of the subprotocol and
- // adds support for exit codes.
- StreamProtocolV4Name = "v4.channel.k8s.io"
-
- NonZeroExitCodeReason = metav1.StatusReason("NonZeroExitCode")
- ExitCodeCauseType = metav1.CauseType("ExitCode")
-)
-
-var SupportedStreamingProtocols = []string{StreamProtocolV4Name, StreamProtocolV3Name, StreamProtocolV2Name, StreamProtocolV1Name}
diff --git a/vendor/k8s.io/apimachinery/third_party/forked/golang/netutil/addr.go b/vendor/k8s.io/apimachinery/third_party/forked/golang/netutil/addr.go
deleted file mode 100644
index c70f431c2..000000000
--- a/vendor/k8s.io/apimachinery/third_party/forked/golang/netutil/addr.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package netutil
-
-import (
- "net/url"
- "strings"
-)
-
-// FROM: http://golang.org/src/net/http/client.go
-// Given a string of the form "host", "host:port", or "[ipv6::address]:port",
-// return true if the string includes a port.
-func hasPort(s string) bool { return strings.LastIndex(s, ":") > strings.LastIndex(s, "]") }
-
-// FROM: http://golang.org/src/net/http/transport.go
-var portMap = map[string]string{
- "http": "80",
- "https": "443",
-}
-
-// FROM: http://golang.org/src/net/http/transport.go
-// canonicalAddr returns url.Host but always with a ":port" suffix
-func CanonicalAddr(url *url.URL) string {
- addr := url.Host
- if !hasPort(addr) {
- return addr + ":" + portMap[url.Scheme]
- }
- return addr
-}
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/doc.go b/vendor/k8s.io/client-go/tools/remotecommand/doc.go
deleted file mode 100644
index ac06a9cd3..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/doc.go
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Package remotecommand adds support for executing commands in containers,
-// with support for separate stdin, stdout, and stderr streams, as well as
-// TTY.
-package remotecommand // import "k8s.io/client-go/tools/remotecommand"
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/errorstream.go b/vendor/k8s.io/client-go/tools/remotecommand/errorstream.go
deleted file mode 100644
index 360276b65..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/errorstream.go
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package remotecommand
-
-import (
- "fmt"
- "io"
- "io/ioutil"
-
- "k8s.io/apimachinery/pkg/util/runtime"
-)
-
-// errorStreamDecoder interprets the data on the error channel and creates a go error object from it.
-type errorStreamDecoder interface {
- decode(message []byte) error
-}
-
-// watchErrorStream watches the errorStream for remote command error data,
-// decodes it with the given errorStreamDecoder, sends the decoded error (or nil if the remote
-// command exited successfully) to the returned error channel, and closes it.
-// This function returns immediately.
-func watchErrorStream(errorStream io.Reader, d errorStreamDecoder) chan error {
- errorChan := make(chan error)
-
- go func() {
- defer runtime.HandleCrash()
-
- message, err := ioutil.ReadAll(errorStream)
- switch {
- case err != nil && err != io.EOF:
- errorChan <- fmt.Errorf("error reading from error stream: %s", err)
- case len(message) > 0:
- errorChan <- d.decode(message)
- default:
- errorChan <- nil
- }
- close(errorChan)
- }()
-
- return errorChan
-}
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/reader.go b/vendor/k8s.io/client-go/tools/remotecommand/reader.go
deleted file mode 100644
index d1f1be34c..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/reader.go
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package remotecommand
-
-import (
- "io"
-)
-
-// readerWrapper delegates to an io.Reader so that only the io.Reader interface is implemented,
-// to keep io.Copy from doing things we don't want when copying from the reader to the data stream.
-//
-// If the Stdin io.Reader provided to remotecommand implements a WriteTo function (like bytes.Buffer does[1]),
-// io.Copy calls that method[2] to attempt to write the entire buffer to the stream in one call.
-// That results in an oversized call to spdystream.Stream#Write [3],
-// which results in a single oversized data frame[4] that is too large.
-//
-// [1] https://golang.org/pkg/bytes/#Buffer.WriteTo
-// [2] https://golang.org/pkg/io/#Copy
-// [3] https://github.com/kubernetes/kubernetes/blob/90295640ef87db9daa0144c5617afe889e7992b2/vendor/github.com/docker/spdystream/stream.go#L66-L73
-// [4] https://github.com/kubernetes/kubernetes/blob/90295640ef87db9daa0144c5617afe889e7992b2/vendor/github.com/docker/spdystream/spdy/write.go#L302-L304
-type readerWrapper struct {
- reader io.Reader
-}
-
-func (r readerWrapper) Read(p []byte) (int, error) {
- return r.reader.Read(p)
-}
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/remotecommand.go b/vendor/k8s.io/client-go/tools/remotecommand/remotecommand.go
deleted file mode 100644
index cb39faf7f..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/remotecommand.go
+++ /dev/null
@@ -1,142 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package remotecommand
-
-import (
- "fmt"
- "io"
- "net/http"
- "net/url"
-
- "k8s.io/klog/v2"
-
- "k8s.io/apimachinery/pkg/util/httpstream"
- "k8s.io/apimachinery/pkg/util/remotecommand"
- restclient "k8s.io/client-go/rest"
- spdy "k8s.io/client-go/transport/spdy"
-)
-
-// StreamOptions holds information pertaining to the current streaming session:
-// input/output streams, if the client is requesting a TTY, and a terminal size queue to
-// support terminal resizing.
-type StreamOptions struct {
- Stdin io.Reader
- Stdout io.Writer
- Stderr io.Writer
- Tty bool
- TerminalSizeQueue TerminalSizeQueue
-}
-
-// Executor is an interface for transporting shell-style streams.
-type Executor interface {
- // Stream initiates the transport of the standard shell streams. It will transport any
- // non-nil stream to a remote system, and return an error if a problem occurs. If tty
- // is set, the stderr stream is not used (raw TTY manages stdout and stderr over the
- // stdout stream).
- Stream(options StreamOptions) error
-}
-
-type streamCreator interface {
- CreateStream(headers http.Header) (httpstream.Stream, error)
-}
-
-type streamProtocolHandler interface {
- stream(conn streamCreator) error
-}
-
-// streamExecutor handles transporting standard shell streams over an httpstream connection.
-type streamExecutor struct {
- upgrader spdy.Upgrader
- transport http.RoundTripper
-
- method string
- url *url.URL
- protocols []string
-}
-
-// NewSPDYExecutor connects to the provided server and upgrades the connection to
-// multiplexed bidirectional streams.
-func NewSPDYExecutor(config *restclient.Config, method string, url *url.URL) (Executor, error) {
- wrapper, upgradeRoundTripper, err := spdy.RoundTripperFor(config)
- if err != nil {
- return nil, err
- }
- return NewSPDYExecutorForTransports(wrapper, upgradeRoundTripper, method, url)
-}
-
-// NewSPDYExecutorForTransports connects to the provided server using the given transport,
-// upgrades the response using the given upgrader to multiplexed bidirectional streams.
-func NewSPDYExecutorForTransports(transport http.RoundTripper, upgrader spdy.Upgrader, method string, url *url.URL) (Executor, error) {
- return NewSPDYExecutorForProtocols(
- transport, upgrader, method, url,
- remotecommand.StreamProtocolV4Name,
- remotecommand.StreamProtocolV3Name,
- remotecommand.StreamProtocolV2Name,
- remotecommand.StreamProtocolV1Name,
- )
-}
-
-// NewSPDYExecutorForProtocols connects to the provided server and upgrades the connection to
-// multiplexed bidirectional streams using only the provided protocols. Exposed for testing, most
-// callers should use NewSPDYExecutor or NewSPDYExecutorForTransports.
-func NewSPDYExecutorForProtocols(transport http.RoundTripper, upgrader spdy.Upgrader, method string, url *url.URL, protocols ...string) (Executor, error) {
- return &streamExecutor{
- upgrader: upgrader,
- transport: transport,
- method: method,
- url: url,
- protocols: protocols,
- }, nil
-}
-
-// Stream opens a protocol streamer to the server and streams until a client closes
-// the connection or the server disconnects.
-func (e *streamExecutor) Stream(options StreamOptions) error {
- req, err := http.NewRequest(e.method, e.url.String(), nil)
- if err != nil {
- return fmt.Errorf("error creating request: %v", err)
- }
-
- conn, protocol, err := spdy.Negotiate(
- e.upgrader,
- &http.Client{Transport: e.transport},
- req,
- e.protocols...,
- )
- if err != nil {
- return err
- }
- defer conn.Close()
-
- var streamer streamProtocolHandler
-
- switch protocol {
- case remotecommand.StreamProtocolV4Name:
- streamer = newStreamProtocolV4(options)
- case remotecommand.StreamProtocolV3Name:
- streamer = newStreamProtocolV3(options)
- case remotecommand.StreamProtocolV2Name:
- streamer = newStreamProtocolV2(options)
- case "":
- klog.V(4).Infof("The server did not negotiate a streaming protocol version. Falling back to %s", remotecommand.StreamProtocolV1Name)
- fallthrough
- case remotecommand.StreamProtocolV1Name:
- streamer = newStreamProtocolV1(options)
- }
-
- return streamer.stream(conn)
-}
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/resize.go b/vendor/k8s.io/client-go/tools/remotecommand/resize.go
deleted file mode 100644
index c838f21ba..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/resize.go
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package remotecommand
-
-// TerminalSize and TerminalSizeQueue was a part of k8s.io/kubernetes/pkg/util/term
-// and were moved in order to decouple client from other term dependencies
-
-// TerminalSize represents the width and height of a terminal.
-type TerminalSize struct {
- Width uint16
- Height uint16
-}
-
-// TerminalSizeQueue is capable of returning terminal resize events as they occur.
-type TerminalSizeQueue interface {
- // Next returns the new terminal size after the terminal has been resized. It returns nil when
- // monitoring has been stopped.
- Next() *TerminalSize
-}
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/v1.go b/vendor/k8s.io/client-go/tools/remotecommand/v1.go
deleted file mode 100644
index ff0fbd2d7..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/v1.go
+++ /dev/null
@@ -1,160 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package remotecommand
-
-import (
- "fmt"
- "io"
- "io/ioutil"
- "net/http"
-
- "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/util/httpstream"
- "k8s.io/klog/v2"
-)
-
-// streamProtocolV1 implements the first version of the streaming exec & attach
-// protocol. This version has some bugs, such as not being able to detect when
-// non-interactive stdin data has ended. See http://issues.k8s.io/13394 and
-// http://issues.k8s.io/13395 for more details.
-type streamProtocolV1 struct {
- StreamOptions
-
- errorStream httpstream.Stream
- remoteStdin httpstream.Stream
- remoteStdout httpstream.Stream
- remoteStderr httpstream.Stream
-}
-
-var _ streamProtocolHandler = &streamProtocolV1{}
-
-func newStreamProtocolV1(options StreamOptions) streamProtocolHandler {
- return &streamProtocolV1{
- StreamOptions: options,
- }
-}
-
-func (p *streamProtocolV1) stream(conn streamCreator) error {
- doneChan := make(chan struct{}, 2)
- errorChan := make(chan error)
-
- cp := func(s string, dst io.Writer, src io.Reader) {
- klog.V(6).Infof("Copying %s", s)
- defer klog.V(6).Infof("Done copying %s", s)
- if _, err := io.Copy(dst, src); err != nil && err != io.EOF {
- klog.Errorf("Error copying %s: %v", s, err)
- }
- if s == v1.StreamTypeStdout || s == v1.StreamTypeStderr {
- doneChan <- struct{}{}
- }
- }
-
- // set up all the streams first
- var err error
- headers := http.Header{}
- headers.Set(v1.StreamType, v1.StreamTypeError)
- p.errorStream, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
- defer p.errorStream.Reset()
-
- // Create all the streams first, then start the copy goroutines. The server doesn't start its copy
- // goroutines until it's received all of the streams. If the client creates the stdin stream and
- // immediately begins copying stdin data to the server, it's possible to overwhelm and wedge the
- // spdy frame handler in the server so that it is full of unprocessed frames. The frames aren't
- // getting processed because the server hasn't started its copying, and it won't do that until it
- // gets all the streams. By creating all the streams first, we ensure that the server is ready to
- // process data before the client starts sending any. See https://issues.k8s.io/16373 for more info.
- if p.Stdin != nil {
- headers.Set(v1.StreamType, v1.StreamTypeStdin)
- p.remoteStdin, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
- defer p.remoteStdin.Reset()
- }
-
- if p.Stdout != nil {
- headers.Set(v1.StreamType, v1.StreamTypeStdout)
- p.remoteStdout, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
- defer p.remoteStdout.Reset()
- }
-
- if p.Stderr != nil && !p.Tty {
- headers.Set(v1.StreamType, v1.StreamTypeStderr)
- p.remoteStderr, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
- defer p.remoteStderr.Reset()
- }
-
- // now that all the streams have been created, proceed with reading & copying
-
- // always read from errorStream
- go func() {
- message, err := ioutil.ReadAll(p.errorStream)
- if err != nil && err != io.EOF {
- errorChan <- fmt.Errorf("Error reading from error stream: %s", err)
- return
- }
- if len(message) > 0 {
- errorChan <- fmt.Errorf("Error executing remote command: %s", message)
- return
- }
- }()
-
- if p.Stdin != nil {
- // TODO this goroutine will never exit cleanly (the io.Copy never unblocks)
- // because stdin is not closed until the process exits. If we try to call
- // stdin.Close(), it returns no error but doesn't unblock the copy. It will
- // exit when the process exits, instead.
- go cp(v1.StreamTypeStdin, p.remoteStdin, readerWrapper{p.Stdin})
- }
-
- waitCount := 0
- completedStreams := 0
-
- if p.Stdout != nil {
- waitCount++
- go cp(v1.StreamTypeStdout, p.Stdout, p.remoteStdout)
- }
-
- if p.Stderr != nil && !p.Tty {
- waitCount++
- go cp(v1.StreamTypeStderr, p.Stderr, p.remoteStderr)
- }
-
-Loop:
- for {
- select {
- case <-doneChan:
- completedStreams++
- if completedStreams == waitCount {
- break Loop
- }
- case err := <-errorChan:
- return err
- }
- }
-
- return nil
-}
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/v2.go b/vendor/k8s.io/client-go/tools/remotecommand/v2.go
deleted file mode 100644
index 2f5561c94..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/v2.go
+++ /dev/null
@@ -1,200 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package remotecommand
-
-import (
- "fmt"
- "io"
- "io/ioutil"
- "net/http"
- "sync"
-
- "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/util/runtime"
-)
-
-// streamProtocolV2 implements version 2 of the streaming protocol for attach
-// and exec. The original streaming protocol was metav1. As a result, this
-// version is referred to as version 2, even though it is the first actual
-// numbered version.
-type streamProtocolV2 struct {
- StreamOptions
-
- errorStream io.Reader
- remoteStdin io.ReadWriteCloser
- remoteStdout io.Reader
- remoteStderr io.Reader
-}
-
-var _ streamProtocolHandler = &streamProtocolV2{}
-
-func newStreamProtocolV2(options StreamOptions) streamProtocolHandler {
- return &streamProtocolV2{
- StreamOptions: options,
- }
-}
-
-func (p *streamProtocolV2) createStreams(conn streamCreator) error {
- var err error
- headers := http.Header{}
-
- // set up error stream
- headers.Set(v1.StreamType, v1.StreamTypeError)
- p.errorStream, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
-
- // set up stdin stream
- if p.Stdin != nil {
- headers.Set(v1.StreamType, v1.StreamTypeStdin)
- p.remoteStdin, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
- }
-
- // set up stdout stream
- if p.Stdout != nil {
- headers.Set(v1.StreamType, v1.StreamTypeStdout)
- p.remoteStdout, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
- }
-
- // set up stderr stream
- if p.Stderr != nil && !p.Tty {
- headers.Set(v1.StreamType, v1.StreamTypeStderr)
- p.remoteStderr, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
- }
- return nil
-}
-
-func (p *streamProtocolV2) copyStdin() {
- if p.Stdin != nil {
- var once sync.Once
-
- // copy from client's stdin to container's stdin
- go func() {
- defer runtime.HandleCrash()
-
- // if p.stdin is noninteractive, p.g. `echo abc | kubectl exec -i -- cat`, make sure
- // we close remoteStdin as soon as the copy from p.stdin to remoteStdin finishes. Otherwise
- // the executed command will remain running.
- defer once.Do(func() { p.remoteStdin.Close() })
-
- if _, err := io.Copy(p.remoteStdin, readerWrapper{p.Stdin}); err != nil {
- runtime.HandleError(err)
- }
- }()
-
- // read from remoteStdin until the stream is closed. this is essential to
- // be able to exit interactive sessions cleanly and not leak goroutines or
- // hang the client's terminal.
- //
- // TODO we aren't using go-dockerclient any more; revisit this to determine if it's still
- // required by engine-api.
- //
- // go-dockerclient's current hijack implementation
- // (https://github.com/fsouza/go-dockerclient/blob/89f3d56d93788dfe85f864a44f85d9738fca0670/client.go#L564)
- // waits for all three streams (stdin/stdout/stderr) to finish copying
- // before returning. When hijack finishes copying stdout/stderr, it calls
- // Close() on its side of remoteStdin, which allows this copy to complete.
- // When that happens, we must Close() on our side of remoteStdin, to
- // allow the copy in hijack to complete, and hijack to return.
- go func() {
- defer runtime.HandleCrash()
- defer once.Do(func() { p.remoteStdin.Close() })
-
- // this "copy" doesn't actually read anything - it's just here to wait for
- // the server to close remoteStdin.
- if _, err := io.Copy(ioutil.Discard, p.remoteStdin); err != nil {
- runtime.HandleError(err)
- }
- }()
- }
-}
-
-func (p *streamProtocolV2) copyStdout(wg *sync.WaitGroup) {
- if p.Stdout == nil {
- return
- }
-
- wg.Add(1)
- go func() {
- defer runtime.HandleCrash()
- defer wg.Done()
- // make sure, packet in queue can be consumed.
- // block in queue may lead to deadlock in conn.server
- // issue: https://github.com/kubernetes/kubernetes/issues/96339
- defer io.Copy(ioutil.Discard, p.remoteStdout)
-
- if _, err := io.Copy(p.Stdout, p.remoteStdout); err != nil {
- runtime.HandleError(err)
- }
- }()
-}
-
-func (p *streamProtocolV2) copyStderr(wg *sync.WaitGroup) {
- if p.Stderr == nil || p.Tty {
- return
- }
-
- wg.Add(1)
- go func() {
- defer runtime.HandleCrash()
- defer wg.Done()
- defer io.Copy(ioutil.Discard, p.remoteStderr)
-
- if _, err := io.Copy(p.Stderr, p.remoteStderr); err != nil {
- runtime.HandleError(err)
- }
- }()
-}
-
-func (p *streamProtocolV2) stream(conn streamCreator) error {
- if err := p.createStreams(conn); err != nil {
- return err
- }
-
- // now that all the streams have been created, proceed with reading & copying
-
- errorChan := watchErrorStream(p.errorStream, &errorDecoderV2{})
-
- p.copyStdin()
-
- var wg sync.WaitGroup
- p.copyStdout(&wg)
- p.copyStderr(&wg)
-
- // we're waiting for stdout/stderr to finish copying
- wg.Wait()
-
- // waits for errorStream to finish reading with an error or nil
- return <-errorChan
-}
-
-// errorDecoderV2 interprets the error channel data as plain text.
-type errorDecoderV2 struct{}
-
-func (d *errorDecoderV2) decode(message []byte) error {
- return fmt.Errorf("error executing remote command: %s", message)
-}
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/v3.go b/vendor/k8s.io/client-go/tools/remotecommand/v3.go
deleted file mode 100644
index 846dd24a5..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/v3.go
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package remotecommand
-
-import (
- "encoding/json"
- "io"
- "net/http"
- "sync"
-
- "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/util/runtime"
-)
-
-// streamProtocolV3 implements version 3 of the streaming protocol for attach
-// and exec. This version adds support for resizing the container's terminal.
-type streamProtocolV3 struct {
- *streamProtocolV2
-
- resizeStream io.Writer
-}
-
-var _ streamProtocolHandler = &streamProtocolV3{}
-
-func newStreamProtocolV3(options StreamOptions) streamProtocolHandler {
- return &streamProtocolV3{
- streamProtocolV2: newStreamProtocolV2(options).(*streamProtocolV2),
- }
-}
-
-func (p *streamProtocolV3) createStreams(conn streamCreator) error {
- // set up the streams from v2
- if err := p.streamProtocolV2.createStreams(conn); err != nil {
- return err
- }
-
- // set up resize stream
- if p.Tty {
- headers := http.Header{}
- headers.Set(v1.StreamType, v1.StreamTypeResize)
- var err error
- p.resizeStream, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
- }
-
- return nil
-}
-
-func (p *streamProtocolV3) handleResizes() {
- if p.resizeStream == nil || p.TerminalSizeQueue == nil {
- return
- }
- go func() {
- defer runtime.HandleCrash()
-
- encoder := json.NewEncoder(p.resizeStream)
- for {
- size := p.TerminalSizeQueue.Next()
- if size == nil {
- return
- }
- if err := encoder.Encode(&size); err != nil {
- runtime.HandleError(err)
- }
- }
- }()
-}
-
-func (p *streamProtocolV3) stream(conn streamCreator) error {
- if err := p.createStreams(conn); err != nil {
- return err
- }
-
- // now that all the streams have been created, proceed with reading & copying
-
- errorChan := watchErrorStream(p.errorStream, &errorDecoderV3{})
-
- p.handleResizes()
-
- p.copyStdin()
-
- var wg sync.WaitGroup
- p.copyStdout(&wg)
- p.copyStderr(&wg)
-
- // we're waiting for stdout/stderr to finish copying
- wg.Wait()
-
- // waits for errorStream to finish reading with an error or nil
- return <-errorChan
-}
-
-type errorDecoderV3 struct {
- errorDecoderV2
-}
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/v4.go b/vendor/k8s.io/client-go/tools/remotecommand/v4.go
deleted file mode 100644
index 69ca934a0..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/v4.go
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package remotecommand
-
-import (
- "encoding/json"
- "errors"
- "fmt"
- "strconv"
- "sync"
-
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/util/remotecommand"
- "k8s.io/client-go/util/exec"
-)
-
-// streamProtocolV4 implements version 4 of the streaming protocol for attach
-// and exec. This version adds support for exit codes on the error stream through
-// the use of metav1.Status instead of plain text messages.
-type streamProtocolV4 struct {
- *streamProtocolV3
-}
-
-var _ streamProtocolHandler = &streamProtocolV4{}
-
-func newStreamProtocolV4(options StreamOptions) streamProtocolHandler {
- return &streamProtocolV4{
- streamProtocolV3: newStreamProtocolV3(options).(*streamProtocolV3),
- }
-}
-
-func (p *streamProtocolV4) createStreams(conn streamCreator) error {
- return p.streamProtocolV3.createStreams(conn)
-}
-
-func (p *streamProtocolV4) handleResizes() {
- p.streamProtocolV3.handleResizes()
-}
-
-func (p *streamProtocolV4) stream(conn streamCreator) error {
- if err := p.createStreams(conn); err != nil {
- return err
- }
-
- // now that all the streams have been created, proceed with reading & copying
-
- errorChan := watchErrorStream(p.errorStream, &errorDecoderV4{})
-
- p.handleResizes()
-
- p.copyStdin()
-
- var wg sync.WaitGroup
- p.copyStdout(&wg)
- p.copyStderr(&wg)
-
- // we're waiting for stdout/stderr to finish copying
- wg.Wait()
-
- // waits for errorStream to finish reading with an error or nil
- return <-errorChan
-}
-
-// errorDecoderV4 interprets the json-marshaled metav1.Status on the error channel
-// and creates an exec.ExitError from it.
-type errorDecoderV4 struct{}
-
-func (d *errorDecoderV4) decode(message []byte) error {
- status := metav1.Status{}
- err := json.Unmarshal(message, &status)
- if err != nil {
- return fmt.Errorf("error stream protocol error: %v in %q", err, string(message))
- }
- switch status.Status {
- case metav1.StatusSuccess:
- return nil
- case metav1.StatusFailure:
- if status.Reason == remotecommand.NonZeroExitCodeReason {
- if status.Details == nil {
- return errors.New("error stream protocol error: details must be set")
- }
- for i := range status.Details.Causes {
- c := &status.Details.Causes[i]
- if c.Type != remotecommand.ExitCodeCauseType {
- continue
- }
-
- rc, err := strconv.ParseUint(c.Message, 10, 8)
- if err != nil {
- return fmt.Errorf("error stream protocol error: invalid exit code value %q", c.Message)
- }
- return exec.CodeExitError{
- Err: fmt.Errorf("command terminated with exit code %d", rc),
- Code: int(rc),
- }
- }
-
- return fmt.Errorf("error stream protocol error: no %s cause given", remotecommand.ExitCodeCauseType)
- }
- default:
- return errors.New("error stream protocol error: unknown error")
- }
-
- return fmt.Errorf(status.Message)
-}
diff --git a/vendor/k8s.io/client-go/transport/spdy/spdy.go b/vendor/k8s.io/client-go/transport/spdy/spdy.go
deleted file mode 100644
index 406d3cc19..000000000
--- a/vendor/k8s.io/client-go/transport/spdy/spdy.go
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package spdy
-
-import (
- "fmt"
- "net/http"
- "net/url"
- "time"
-
- "k8s.io/apimachinery/pkg/util/httpstream"
- "k8s.io/apimachinery/pkg/util/httpstream/spdy"
- restclient "k8s.io/client-go/rest"
-)
-
-// Upgrader validates a response from the server after a SPDY upgrade.
-type Upgrader interface {
- // NewConnection validates the response and creates a new Connection.
- NewConnection(resp *http.Response) (httpstream.Connection, error)
-}
-
-// RoundTripperFor returns a round tripper and upgrader to use with SPDY.
-func RoundTripperFor(config *restclient.Config) (http.RoundTripper, Upgrader, error) {
- tlsConfig, err := restclient.TLSConfigFor(config)
- if err != nil {
- return nil, nil, err
- }
- proxy := http.ProxyFromEnvironment
- if config.Proxy != nil {
- proxy = config.Proxy
- }
- upgradeRoundTripper := spdy.NewRoundTripperWithConfig(spdy.RoundTripperConfig{
- TLS: tlsConfig,
- FollowRedirects: true,
- RequireSameHostRedirects: false,
- Proxier: proxy,
- PingPeriod: time.Second * 5,
- })
- wrapper, err := restclient.HTTPWrappersForConfig(config, upgradeRoundTripper)
- if err != nil {
- return nil, nil, err
- }
- return wrapper, upgradeRoundTripper, nil
-}
-
-// dialer implements the httpstream.Dialer interface.
-type dialer struct {
- client *http.Client
- upgrader Upgrader
- method string
- url *url.URL
-}
-
-var _ httpstream.Dialer = &dialer{}
-
-// NewDialer will create a dialer that connects to the provided URL and upgrades the connection to SPDY.
-func NewDialer(upgrader Upgrader, client *http.Client, method string, url *url.URL) httpstream.Dialer {
- return &dialer{
- client: client,
- upgrader: upgrader,
- method: method,
- url: url,
- }
-}
-
-func (d *dialer) Dial(protocols ...string) (httpstream.Connection, string, error) {
- req, err := http.NewRequest(d.method, d.url.String(), nil)
- if err != nil {
- return nil, "", fmt.Errorf("error creating request: %v", err)
- }
- return Negotiate(d.upgrader, d.client, req, protocols...)
-}
-
-// Negotiate opens a connection to a remote server and attempts to negotiate
-// a SPDY connection. Upon success, it returns the connection and the protocol selected by
-// the server. The client transport must use the upgradeRoundTripper - see RoundTripperFor.
-func Negotiate(upgrader Upgrader, client *http.Client, req *http.Request, protocols ...string) (httpstream.Connection, string, error) {
- for i := range protocols {
- req.Header.Add(httpstream.HeaderProtocolVersion, protocols[i])
- }
- resp, err := client.Do(req)
- if err != nil {
- return nil, "", fmt.Errorf("error sending request: %v", err)
- }
- defer resp.Body.Close()
- conn, err := upgrader.NewConnection(resp)
- if err != nil {
- return nil, "", err
- }
- return conn, resp.Header.Get(httpstream.HeaderProtocolVersion), nil
-}
diff --git a/vendor/k8s.io/client-go/util/exec/exec.go b/vendor/k8s.io/client-go/util/exec/exec.go
deleted file mode 100644
index d170badb6..000000000
--- a/vendor/k8s.io/client-go/util/exec/exec.go
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package exec
-
-// ExitError is an interface that presents an API similar to os.ProcessState, which is
-// what ExitError from os/exec is. This is designed to make testing a bit easier and
-// probably loses some of the cross-platform properties of the underlying library.
-type ExitError interface {
- String() string
- Error() string
- Exited() bool
- ExitStatus() int
-}
-
-// CodeExitError is an implementation of ExitError consisting of an error object
-// and an exit code (the upper bits of os.exec.ExitStatus).
-type CodeExitError struct {
- Err error
- Code int
-}
-
-var _ ExitError = CodeExitError{}
-
-func (e CodeExitError) Error() string {
- return e.Err.Error()
-}
-
-func (e CodeExitError) String() string {
- return e.Err.Error()
-}
-
-func (e CodeExitError) Exited() bool {
- return true
-}
-
-func (e CodeExitError) ExitStatus() int {
- return e.Code
-}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 2a44ffae5..dc171bc70 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -129,10 +129,6 @@ github.com/konsorten/go-windows-terminal-sequences
 # github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 => github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369
 ## explicit; go 1.9
 github.com/matttproud/golang_protobuf_extensions/pbutil
-# github.com/moby/spdystream v0.2.0 => github.com/moby/spdystream v0.2.0
-## explicit; go 1.13
-github.com/moby/spdystream
-github.com/moby/spdystream/spdy
 # github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd => github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
 ## explicit
 github.com/modern-go/concurrent
@@ -501,8 +497,6 @@ k8s.io/apimachinery/pkg/util/clock
 k8s.io/apimachinery/pkg/util/diff
 k8s.io/apimachinery/pkg/util/errors
 k8s.io/apimachinery/pkg/util/framer
-k8s.io/apimachinery/pkg/util/httpstream
-k8s.io/apimachinery/pkg/util/httpstream/spdy
 k8s.io/apimachinery/pkg/util/intstr
 k8s.io/apimachinery/pkg/util/json
 k8s.io/apimachinery/pkg/util/managedfields
@@ -510,7 +504,6 @@ k8s.io/apimachinery/pkg/util/mergepatch
 k8s.io/apimachinery/pkg/util/naming
 k8s.io/apimachinery/pkg/util/net
 k8s.io/apimachinery/pkg/util/rand
-k8s.io/apimachinery/pkg/util/remotecommand
 k8s.io/apimachinery/pkg/util/runtime
 k8s.io/apimachinery/pkg/util/sets
 k8s.io/apimachinery/pkg/util/strategicpatch
@@ -522,7 +515,6 @@ k8s.io/apimachinery/pkg/util/yaml
 k8s.io/apimachinery/pkg/version
 k8s.io/apimachinery/pkg/watch
 k8s.io/apimachinery/third_party/forked/golang/json
-k8s.io/apimachinery/third_party/forked/golang/netutil
 k8s.io/apimachinery/third_party/forked/golang/reflect
 # k8s.io/client-go v0.21.3 => k8s.io/client-go v0.21.3
 ## explicit; go 1.16
@@ -689,12 +681,9 @@ k8s.io/client-go/tools/pager
 k8s.io/client-go/tools/record
 k8s.io/client-go/tools/record/util
 k8s.io/client-go/tools/reference
-k8s.io/client-go/tools/remotecommand
 k8s.io/client-go/transport
-k8s.io/client-go/transport/spdy
 k8s.io/client-go/util/cert
 k8s.io/client-go/util/connrotation
-k8s.io/client-go/util/exec
 k8s.io/client-go/util/flowcontrol
 k8s.io/client-go/util/homedir
 k8s.io/client-go/util/jsonpath