mirror of https://github.com/pulumi/pulumi.git
2183 lines
71 KiB
Go
2183 lines
71 KiB
Go
// Copyright 2016-2021, Pulumi Corporation.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package workspace
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"crypto/sha256"
|
|
"encoding/json"
|
|
"errors"
|
|
"fmt"
|
|
"hash"
|
|
"io"
|
|
"io/fs"
|
|
"net/http"
|
|
"net/url"
|
|
"os"
|
|
"os/exec"
|
|
"path"
|
|
"path/filepath"
|
|
"regexp"
|
|
"runtime"
|
|
"sort"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/blang/semver"
|
|
"github.com/cheggaaa/pb"
|
|
"github.com/djherbis/times"
|
|
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/diag"
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/diag/colors"
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/env"
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/util/archive"
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/util/cmdutil"
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/util/contract"
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/util/fsutil"
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/util/httputil"
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/util/logging"
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/util/retry"
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/version"
|
|
"github.com/pulumi/pulumi/sdk/v3/nodejs/npm"
|
|
"github.com/pulumi/pulumi/sdk/v3/python"
|
|
)
|
|
|
|
const (
|
|
windowsGOOS = "windows"
|
|
)
|
|
|
|
var enableLegacyPluginBehavior = os.Getenv("PULUMI_ENABLE_LEGACY_PLUGIN_SEARCH") != ""
|
|
|
|
// pluginDownloadURLOverrides is a variable instead of a constant so it can be set using the `-X` `ldflag` at build
|
|
// time, if necessary. When non-empty, it's parsed into `pluginDownloadURLOverridesParsed` in `init()`. The expected
|
|
// format is `regexp=URL`, and multiple pairs can be specified separated by commas, e.g. `regexp1=URL1,regexp2=URL2`.
|
|
//
|
|
// For example, when set to "^foo.*=https://foo,^bar.*=https://bar", plugin names that start with "foo" will use
|
|
// https://foo as the download URL and names that start with "bar" will use https://bar.
|
|
var pluginDownloadURLOverrides string
|
|
|
|
// pluginDownloadURLOverridesParsed is the parsed array from `pluginDownloadURLOverrides`.
|
|
var pluginDownloadURLOverridesParsed pluginDownloadOverrideArray
|
|
|
|
// pluginDownloadURLOverride represents a plugin download URL override, parsed from `pluginDownloadURLOverrides`.
|
|
type pluginDownloadURLOverride struct {
|
|
reg *regexp.Regexp // The regex used to match against the plugin's name.
|
|
url string // The URL to use for the matched plugin.
|
|
}
|
|
|
|
// pluginDownloadOverrideArray represents an array of overrides.
|
|
type pluginDownloadOverrideArray []pluginDownloadURLOverride
|
|
|
|
// get returns the URL and true if name matches an override's regular expression,
|
|
// otherwise an empty string and false.
|
|
func (overrides pluginDownloadOverrideArray) get(name string) (string, bool) {
|
|
for _, override := range overrides {
|
|
if override.reg.MatchString(name) {
|
|
return override.url, true
|
|
}
|
|
}
|
|
return "", false
|
|
}
|
|
|
|
func init() {
|
|
var err error
|
|
if pluginDownloadURLOverridesParsed, err = parsePluginDownloadURLOverrides(pluginDownloadURLOverrides); err != nil {
|
|
panic(fmt.Errorf("error parsing `pluginDownloadURLOverrides`: %w", err))
|
|
}
|
|
}
|
|
|
|
// parsePluginDownloadURLOverrides parses an overrides string with the expected format `regexp1=URL1,regexp2=URL2`.
|
|
func parsePluginDownloadURLOverrides(overrides string) (pluginDownloadOverrideArray, error) {
|
|
splits := strings.Split(overrides, ",")
|
|
result := make(pluginDownloadOverrideArray, 0, len(splits))
|
|
if overrides == "" {
|
|
return result, nil
|
|
}
|
|
for _, pair := range splits {
|
|
split := strings.Split(pair, "=")
|
|
if len(split) != 2 || split[0] == "" || split[1] == "" {
|
|
return nil, fmt.Errorf("expected format to be \"regexp1=URL1,regexp2=URL2\"; got %q", overrides)
|
|
}
|
|
reg, err := regexp.Compile(split[0])
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
result = append(result, pluginDownloadURLOverride{
|
|
reg: reg,
|
|
url: split[1],
|
|
})
|
|
}
|
|
return result, nil
|
|
}
|
|
|
|
// MissingError is returned by functions that attempt to load plugins if a plugin can't be located.
|
|
type MissingError struct {
|
|
// Kind of the plugin that couldn't be found.
|
|
kind PluginKind
|
|
// Name of the plugin that couldn't be found.
|
|
name string
|
|
// Optional version of the plugin that couldn't be found.
|
|
version *semver.Version
|
|
// includeAmbient is true if we search $PATH for this plugin
|
|
includeAmbient bool
|
|
}
|
|
|
|
// NewMissingError allocates a new error indicating the given plugin info was not found.
|
|
func NewMissingError(kind PluginKind, name string, version *semver.Version, includeAmbient bool) error {
|
|
return &MissingError{
|
|
kind: kind,
|
|
name: name,
|
|
version: version,
|
|
includeAmbient: includeAmbient,
|
|
}
|
|
}
|
|
|
|
func (err *MissingError) Error() string {
|
|
includePath := ""
|
|
if err.includeAmbient {
|
|
includePath = " or on your $PATH"
|
|
}
|
|
|
|
if err.version != nil {
|
|
return fmt.Sprintf("no %[1]s plugin 'pulumi-%[1]s-%[2]s' found in the workspace at version v%[3]s%[4]s",
|
|
err.kind, err.name, err.version, includePath)
|
|
}
|
|
|
|
return fmt.Sprintf("no %[1]s plugin 'pulumi-%[1]s-%[2]s' found in the workspace%[3]s",
|
|
err.kind, err.name, includePath)
|
|
}
|
|
|
|
// PluginSource deals with downloading a specific version of a plugin, or looking up the latest version of it.
|
|
type PluginSource interface {
|
|
// Download fetches an io.ReadCloser for this plugin and also returns the size of the response (if known).
|
|
Download(
|
|
version semver.Version, opSy string, arch string,
|
|
getHTTPResponse func(*http.Request) (io.ReadCloser, int64, error)) (io.ReadCloser, int64, error)
|
|
// GetLatestVersion tries to find the latest version for this plugin. This is currently only supported for
|
|
// plugins we can get from github releases.
|
|
GetLatestVersion(getHTTPResponse func(*http.Request) (io.ReadCloser, int64, error)) (*semver.Version, error)
|
|
}
|
|
|
|
// standardAssetName returns the standard name for the asset that contains the given plugin.
|
|
func standardAssetName(name string, kind PluginKind, version semver.Version, opSy, arch string) string {
|
|
return fmt.Sprintf("pulumi-%s-%s-v%s-%s-%s.tar.gz", kind, name, version, opSy, arch)
|
|
}
|
|
|
|
// getPulumiSource can download a plugin from get.pulumi.com
|
|
type getPulumiSource struct {
|
|
name string
|
|
kind PluginKind
|
|
}
|
|
|
|
func newGetPulumiSource(name string, kind PluginKind) *getPulumiSource {
|
|
return &getPulumiSource{name: name, kind: kind}
|
|
}
|
|
|
|
func (source *getPulumiSource) GetLatestVersion(
|
|
getHTTPResponse func(*http.Request) (io.ReadCloser, int64, error),
|
|
) (*semver.Version, error) {
|
|
return nil, errors.New("GetLatestVersion is not supported for plugins from get.pulumi.com")
|
|
}
|
|
|
|
func (source *getPulumiSource) Download(
|
|
version semver.Version, opSy string, arch string,
|
|
getHTTPResponse func(*http.Request) (io.ReadCloser, int64, error),
|
|
) (io.ReadCloser, int64, error) {
|
|
serverURL := "https://get.pulumi.com/releases/plugins"
|
|
logging.V(1).Infof("%s downloading from %s", source.name, serverURL)
|
|
endpoint := fmt.Sprintf("%s/%s",
|
|
serverURL,
|
|
url.QueryEscape(standardAssetName(source.name, source.kind, version, opSy, arch)))
|
|
|
|
req, err := buildHTTPRequest(endpoint, "")
|
|
if err != nil {
|
|
return nil, -1, err
|
|
}
|
|
return getHTTPResponse(req)
|
|
}
|
|
|
|
// gitlabSource can download a plugin from gitlab releases.
|
|
type gitlabSource struct {
|
|
host string
|
|
project string
|
|
name string
|
|
kind PluginKind
|
|
|
|
token string
|
|
}
|
|
|
|
// Creates a new GitLab source from a gitlab://<host>/<project_id> url.
|
|
// Uses the GITLAB_TOKEN environment variable for authentication if it's set.
|
|
func newGitlabSource(url *url.URL, name string, kind PluginKind) (*gitlabSource, error) {
|
|
contract.Requiref(url.Scheme == "gitlab", "url", `scheme must be "gitlab", was %q`, url.Scheme)
|
|
|
|
host := url.Host
|
|
if host == "" {
|
|
return nil, fmt.Errorf("gitlab:// url must have a host part, was: %s", url)
|
|
}
|
|
|
|
project := strings.Trim(url.Path, "/")
|
|
if project == "" || strings.Contains(project, "/") {
|
|
return nil, fmt.Errorf(
|
|
"gitlab:// url must have the format <host>/<project>, was: %s",
|
|
url)
|
|
}
|
|
|
|
return &gitlabSource{
|
|
host: host,
|
|
project: project,
|
|
name: name,
|
|
kind: kind,
|
|
|
|
token: os.Getenv("GITLAB_TOKEN"),
|
|
}, nil
|
|
}
|
|
|
|
func (source *gitlabSource) newHTTPRequest(url, accept string) (*http.Request, error) {
|
|
var authorization string
|
|
if source.token != "" {
|
|
authorization = "Bearer " + source.token
|
|
}
|
|
|
|
req, err := buildHTTPRequest(url, authorization)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
req.Header.Set("Accept", accept)
|
|
return req, nil
|
|
}
|
|
|
|
func (source *gitlabSource) GetLatestVersion(
|
|
getHTTPResponse func(*http.Request) (io.ReadCloser, int64, error),
|
|
) (*semver.Version, error) {
|
|
releaseURL := fmt.Sprintf(
|
|
"https://%s/api/v4/projects/%s/releases/permalink/latest",
|
|
source.host, source.project)
|
|
logging.V(9).Infof("plugin GitLab releases url: %s", releaseURL)
|
|
req, err := source.newHTTPRequest(releaseURL, "application/json")
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
resp, length, err := getHTTPResponse(req)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer contract.IgnoreClose(resp)
|
|
|
|
var release struct {
|
|
TagName string `json:"tag_name"`
|
|
}
|
|
if err = json.NewDecoder(resp).Decode(&release); err != nil {
|
|
return nil, fmt.Errorf("cannot decode gitlab response len(%d): %w", length, err)
|
|
}
|
|
|
|
parsedVersion, err := semver.ParseTolerant(release.TagName)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("invalid plugin version %s: %w", release.TagName, err)
|
|
}
|
|
return &parsedVersion, nil
|
|
}
|
|
|
|
func (source *gitlabSource) Download(
|
|
version semver.Version, opSy string, arch string,
|
|
getHTTPResponse func(*http.Request) (io.ReadCloser, int64, error),
|
|
) (io.ReadCloser, int64, error) {
|
|
assetName := standardAssetName(source.name, source.kind, version, opSy, arch)
|
|
|
|
assetURL := fmt.Sprintf(
|
|
"https://%s/api/v4/projects/%s/releases/v%s/downloads/%s",
|
|
source.host, source.project, version, assetName)
|
|
logging.V(1).Infof("%s downloading from %s", source.name, assetURL)
|
|
|
|
req, err := source.newHTTPRequest(assetURL, "application/octet-stream")
|
|
if err != nil {
|
|
return nil, -1, err
|
|
}
|
|
return getHTTPResponse(req)
|
|
}
|
|
|
|
// githubSource can download a plugin from github releases
|
|
type githubSource struct {
|
|
host string
|
|
organization string
|
|
repository string
|
|
name string
|
|
kind PluginKind
|
|
|
|
token string
|
|
}
|
|
|
|
// Creates a new github source adding authentication data in the environment, if it exists
|
|
func newGithubSource(url *url.URL, name string, kind PluginKind) (*githubSource, error) {
|
|
contract.Requiref(url.Scheme == "github", "url", `scheme must be "github", was %q`, url.Scheme)
|
|
|
|
// 14-03-2022 we stopped looking at GITHUB_PERSONAL_ACCESS_TOKEN and sending basic auth for github and
|
|
// instead just look at GITHUB_TOKEN and send in a header. Given GITHUB_PERSONAL_ACCESS_TOKEN was an
|
|
// envvar we made up we check to see if it's set here and log a warning. This can be removed after a few
|
|
// releases.
|
|
if os.Getenv("GITHUB_PERSONAL_ACCESS_TOKEN") != "" {
|
|
logging.Warningf("GITHUB_PERSONAL_ACCESS_TOKEN is no longer used for Github authentication, set GITHUB_TOKEN instead")
|
|
}
|
|
|
|
host := url.Host
|
|
parts := strings.Split(strings.Trim(url.Path, "/"), "/")
|
|
|
|
if host == "" {
|
|
return nil, fmt.Errorf("github:// url must have a host part, was: %s", url)
|
|
}
|
|
|
|
if len(parts) != 1 && len(parts) != 2 {
|
|
return nil, fmt.Errorf(
|
|
"github:// url must have the format <host>/<organization>[/<repository>], was: %s",
|
|
url)
|
|
}
|
|
|
|
organization := parts[0]
|
|
if organization == "" {
|
|
return nil, fmt.Errorf(
|
|
"github:// url must have the format <host>/<organization>[/<repository>], was: %s",
|
|
url)
|
|
}
|
|
|
|
repository := "pulumi-" + name
|
|
if kind == ConverterPlugin {
|
|
// Converter plugins are expected at a different repo path, e.g.
|
|
// github.com/pulumi/pulumi-converter-aws rather than github.com/pulumi/pulumi-aws which would clash
|
|
// with the providers of the same name.
|
|
repository = "pulumi-converter-" + name
|
|
if name == "yaml" {
|
|
// We special case the yaml converter plugin to be in the pulumi-yaml repo. It's not ideal but its
|
|
// to have this hardcoded here than having to deal with two repos for YAML, and long term this
|
|
// should go away and be replaced with a registry lookup.
|
|
repository = "pulumi-yaml"
|
|
}
|
|
}
|
|
if len(parts) == 2 {
|
|
repository = parts[1]
|
|
}
|
|
|
|
return &githubSource{
|
|
host: host,
|
|
organization: organization,
|
|
repository: repository,
|
|
name: name,
|
|
kind: kind,
|
|
|
|
token: os.Getenv("GITHUB_TOKEN"),
|
|
}, nil
|
|
}
|
|
|
|
func (source *githubSource) newHTTPRequest(url, accept string) (*http.Request, error) {
|
|
var authorization string
|
|
if source.token != "" {
|
|
authorization = "token " + source.token
|
|
}
|
|
|
|
req, err := buildHTTPRequest(url, authorization)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
req.Header.Set("Accept", accept)
|
|
return req, nil
|
|
}
|
|
|
|
func (source *githubSource) getHTTPResponse(
|
|
getHTTPResponse func(*http.Request) (io.ReadCloser, int64, error),
|
|
req *http.Request,
|
|
) (io.ReadCloser, int64, error) {
|
|
resp, length, err := getHTTPResponse(req)
|
|
if err == nil {
|
|
return resp, length, nil
|
|
}
|
|
|
|
// Wrap 403 rate limit errors with a more helpful message.
|
|
var downErr *downloadError
|
|
if !errors.As(err, &downErr) || downErr.code != 403 {
|
|
return nil, -1, err
|
|
}
|
|
|
|
// This is a rate limiting error only if x-ratelimit-remaining is 0.
|
|
// https://docs.github.com/en/rest/overview/resources-in-the-rest-api?apiVersion=2022-11-28#exceeding-the-rate-limit
|
|
if downErr.header.Get("x-ratelimit-remaining") != "0" {
|
|
return nil, -1, err
|
|
}
|
|
|
|
tryAgain := "."
|
|
if reset, err := strconv.ParseInt(downErr.header.Get("x-ratelimit-reset"), 10, 64); err == nil {
|
|
delay := time.Until(time.Unix(reset, 0).UTC())
|
|
tryAgain = fmt.Sprintf(", try again in %s.", delay)
|
|
}
|
|
|
|
addAuth := ""
|
|
if source.token == "" {
|
|
addAuth = " You can set GITHUB_TOKEN to make an authenticated request with a higher rate limit."
|
|
}
|
|
|
|
logging.Errorf("GitHub rate limit exceeded for %s%s%s", req.URL, tryAgain, addAuth)
|
|
return nil, -1, fmt.Errorf("rate limit exceeded: %w", err)
|
|
}
|
|
|
|
func (source *githubSource) GetLatestVersion(
|
|
getHTTPResponse func(*http.Request) (io.ReadCloser, int64, error),
|
|
) (*semver.Version, error) {
|
|
releaseURL := fmt.Sprintf(
|
|
"https://%s/repos/%s/%s/releases/latest",
|
|
source.host, source.organization, source.repository)
|
|
logging.V(9).Infof("plugin GitHub releases url: %s", releaseURL)
|
|
req, err := source.newHTTPRequest(releaseURL, "application/json")
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
resp, length, err := source.getHTTPResponse(getHTTPResponse, req)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer contract.IgnoreClose(resp)
|
|
|
|
var release struct {
|
|
TagName string `json:"tag_name"`
|
|
}
|
|
if err = json.NewDecoder(resp).Decode(&release); err != nil {
|
|
return nil, fmt.Errorf("cannot decode github response len(%d): %w", length, err)
|
|
}
|
|
|
|
parsedVersion, err := semver.ParseTolerant(release.TagName)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("invalid plugin version %s: %w", release.TagName, err)
|
|
}
|
|
return &parsedVersion, nil
|
|
}
|
|
|
|
func (source *githubSource) Download(
|
|
version semver.Version, opSy string, arch string,
|
|
getHTTPResponse func(*http.Request) (io.ReadCloser, int64, error),
|
|
) (io.ReadCloser, int64, error) {
|
|
releaseURL := fmt.Sprintf(
|
|
"https://%s/repos/%s/%s/releases/tags/v%s",
|
|
source.host, source.organization, source.repository, version)
|
|
logging.V(9).Infof("plugin GitHub releases url: %s", releaseURL)
|
|
|
|
req, err := source.newHTTPRequest(releaseURL, "application/json")
|
|
if err != nil {
|
|
return nil, -1, err
|
|
}
|
|
resp, length, err := source.getHTTPResponse(getHTTPResponse, req)
|
|
if err != nil {
|
|
return nil, -1, err
|
|
}
|
|
defer contract.IgnoreClose(resp)
|
|
|
|
var release struct {
|
|
Assets []struct {
|
|
Name string `json:"name"`
|
|
URL string `json:"url"`
|
|
} `json:"assets"`
|
|
}
|
|
if err = json.NewDecoder(resp).Decode(&release); err != nil {
|
|
return nil, -1, fmt.Errorf("cannot decode github response len(%d): %w", length, err)
|
|
}
|
|
|
|
assetName := standardAssetName(source.name, source.kind, version, opSy, arch)
|
|
assetURL := ""
|
|
for _, asset := range release.Assets {
|
|
if asset.Name == assetName {
|
|
assetURL = asset.URL
|
|
}
|
|
}
|
|
if assetURL == "" {
|
|
logging.V(9).Infof("github response: %v", release)
|
|
logging.V(9).Infof("plugin asset '%s' not found", assetName)
|
|
return nil, -1, fmt.Errorf("plugin asset '%s' not found", assetName)
|
|
}
|
|
|
|
logging.V(1).Infof("%s downloading from %s", source.name, assetURL)
|
|
|
|
req, err = source.newHTTPRequest(assetURL, "application/octet-stream")
|
|
if err != nil {
|
|
return nil, -1, err
|
|
}
|
|
return source.getHTTPResponse(getHTTPResponse, req)
|
|
}
|
|
|
|
// httpSource can download a plugin from a given http url, it doesn't support GetLatestVersion
|
|
type httpSource struct {
|
|
name string
|
|
kind PluginKind
|
|
url string
|
|
}
|
|
|
|
func newHTTPSource(name string, kind PluginKind, url *url.URL) *httpSource {
|
|
contract.Requiref(
|
|
url.Scheme == "http" || url.Scheme == "https",
|
|
"url", `scheme must be "http" or "https", was %q`, url.Scheme)
|
|
|
|
return &httpSource{
|
|
name: name,
|
|
kind: kind,
|
|
url: url.String(),
|
|
}
|
|
}
|
|
|
|
func (source *httpSource) GetLatestVersion(
|
|
getHTTPResponse func(*http.Request) (io.ReadCloser, int64, error),
|
|
) (*semver.Version, error) {
|
|
return nil, errors.New("GetLatestVersion is not supported for plugins from http sources")
|
|
}
|
|
|
|
func interpolateURL(serverURL string, name string, version semver.Version, os, arch string) string {
|
|
// Expectation is the URL is already escaped, so we need to escape the {}'s in the replacement strings.
|
|
replacer := strings.NewReplacer(
|
|
"$%7BNAME%7D", url.QueryEscape(name),
|
|
"$%7BVERSION%7D", url.QueryEscape(version.String()),
|
|
"$%7BOS%7D", url.QueryEscape(os),
|
|
"$%7BARCH%7D", url.QueryEscape(arch))
|
|
return replacer.Replace(serverURL)
|
|
}
|
|
|
|
func (source *httpSource) Download(
|
|
version semver.Version, opSy string, arch string,
|
|
getHTTPResponse func(*http.Request) (io.ReadCloser, int64, error),
|
|
) (io.ReadCloser, int64, error) {
|
|
serverURL := interpolateURL(source.url, source.name, version, opSy, arch)
|
|
serverURL = strings.TrimSuffix(serverURL, "/")
|
|
logging.V(1).Infof("%s downloading from %s", source.name, serverURL)
|
|
|
|
endpoint := fmt.Sprintf("%s/%s",
|
|
serverURL,
|
|
url.QueryEscape(fmt.Sprintf("pulumi-%s-%s-v%s-%s-%s.tar.gz", source.kind, source.name, version, opSy, arch)))
|
|
|
|
req, err := buildHTTPRequest(endpoint, "")
|
|
if err != nil {
|
|
return nil, -1, err
|
|
}
|
|
return getHTTPResponse(req)
|
|
}
|
|
|
|
// fallbackSource handles our current default logic of trying the pulumi public github then get.pulumi.com.
|
|
type fallbackSource struct {
|
|
name string
|
|
kind PluginKind
|
|
}
|
|
|
|
func newFallbackSource(name string, kind PluginKind) *fallbackSource {
|
|
return &fallbackSource{
|
|
name: name,
|
|
kind: kind,
|
|
}
|
|
}
|
|
|
|
func urlMustParse(rawURL string) *url.URL {
|
|
url, err := url.Parse(rawURL)
|
|
contract.AssertNoErrorf(err, "url.Parse(%q)", rawURL)
|
|
return url
|
|
}
|
|
|
|
func (source *fallbackSource) GetLatestVersion(
|
|
getHTTPResponse func(*http.Request) (io.ReadCloser, int64, error),
|
|
) (*semver.Version, error) {
|
|
// Try and get this package from our public pulumi github
|
|
public, err := newGithubSource(urlMustParse("github://api.github.com/pulumi"), source.name, source.kind)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
version, err := public.GetLatestVersion(getHTTPResponse)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return version, nil
|
|
}
|
|
|
|
func (source *fallbackSource) Download(
|
|
version semver.Version, opSy string, arch string,
|
|
getHTTPResponse func(*http.Request) (io.ReadCloser, int64, error),
|
|
) (io.ReadCloser, int64, error) {
|
|
// Try and get this package from public pulumi github
|
|
public, err := newGithubSource(urlMustParse("github://api.github.com/pulumi"), source.name, source.kind)
|
|
if err != nil {
|
|
return nil, -1, err
|
|
}
|
|
resp, length, err := public.Download(version, opSy, arch, getHTTPResponse)
|
|
if err == nil {
|
|
return resp, length, nil
|
|
}
|
|
logging.Infof("Failed to download from GitHub, falling back to get.pulumi.com: %v", err)
|
|
|
|
// Fallback to get.pulumi.com
|
|
pulumi := newGetPulumiSource(source.name, source.kind)
|
|
return pulumi.Download(version, opSy, arch, getHTTPResponse)
|
|
}
|
|
|
|
type checksumError struct {
|
|
expected []byte
|
|
actual []byte
|
|
}
|
|
|
|
func (err *checksumError) Error() string {
|
|
return fmt.Sprintf("invalid checksum, expected %x, actual %x", err.expected, err.actual)
|
|
}
|
|
|
|
// checksumSource will validate that the archive downloaded from the inner source matches a checksum
|
|
type checksumSource struct {
|
|
source PluginSource
|
|
checksum map[string][]byte
|
|
}
|
|
|
|
func newChecksumSource(source PluginSource, checksum map[string][]byte) *checksumSource {
|
|
return &checksumSource{
|
|
source: source,
|
|
checksum: checksum,
|
|
}
|
|
}
|
|
|
|
func (source *checksumSource) GetLatestVersion(
|
|
getHTTPResponse func(*http.Request) (io.ReadCloser, int64, error),
|
|
) (*semver.Version, error) {
|
|
return source.source.GetLatestVersion(getHTTPResponse)
|
|
}
|
|
|
|
type checksumReader struct {
|
|
checksum []byte
|
|
io io.ReadCloser
|
|
hasher hash.Hash
|
|
}
|
|
|
|
func (reader *checksumReader) Read(p []byte) (int, error) {
|
|
n, err := reader.io.Read(p)
|
|
if err != nil {
|
|
if err == io.EOF {
|
|
// Check the checksum matches
|
|
actualChecksum := reader.hasher.Sum(nil)
|
|
if !bytes.Equal(reader.checksum, actualChecksum) {
|
|
return n, &checksumError{expected: reader.checksum, actual: actualChecksum}
|
|
}
|
|
}
|
|
return n, err
|
|
}
|
|
|
|
m, err := reader.hasher.Write(p[0:n])
|
|
contract.AssertNoErrorf(err, "error hashing input")
|
|
contract.Assertf(m == n, "wrote %d bytes, expected %d", m, n)
|
|
|
|
return n, nil
|
|
}
|
|
|
|
func (reader *checksumReader) Close() error {
|
|
return reader.io.Close()
|
|
}
|
|
|
|
func (source *checksumSource) Download(
|
|
version semver.Version, opSy string, arch string,
|
|
getHTTPResponse func(*http.Request) (io.ReadCloser, int64, error),
|
|
) (io.ReadCloser, int64, error) {
|
|
checksum, ok := source.checksum[fmt.Sprintf("%s-%s", opSy, arch)]
|
|
response, length, err := source.source.Download(version, opSy, arch, getHTTPResponse)
|
|
if err != nil {
|
|
return nil, -1, err
|
|
}
|
|
// If there's no checksum for this platform then skip validation.
|
|
if !ok {
|
|
return response, length, nil
|
|
}
|
|
|
|
return &checksumReader{
|
|
checksum: checksum,
|
|
hasher: sha256.New(),
|
|
io: response,
|
|
}, length, nil
|
|
}
|
|
|
|
// ProjectPlugin Information about a locally installed plugin specified by the project.
|
|
type ProjectPlugin struct {
|
|
Name string // the simple name of the plugin.
|
|
Kind PluginKind // the kind of the plugin (language, resource, etc).
|
|
Version *semver.Version // the plugin's semantic version, if present.
|
|
Path string // the path that a plugin is to be loaded from (this will always be a directory)
|
|
}
|
|
|
|
// Spec Return a PluginSpec object for this project plugin.
|
|
func (pp ProjectPlugin) Spec() PluginSpec {
|
|
return PluginSpec{
|
|
Name: pp.Name,
|
|
Kind: pp.Kind,
|
|
Version: pp.Version,
|
|
}
|
|
}
|
|
|
|
// PluginSpec provides basic specification for a plugin.
|
|
type PluginSpec struct {
|
|
Name string // the simple name of the plugin.
|
|
Kind PluginKind // the kind of the plugin (language, resource, etc).
|
|
Version *semver.Version // the plugin's semantic version, if present.
|
|
PluginDownloadURL string // an optional server to use when downloading this plugin.
|
|
PluginDir string // if set, will be used as the root plugin dir instead of ~/.pulumi/plugins.
|
|
|
|
// if set will be used to validate the plugin downloaded matches. This is keyed by "$os-$arch", e.g. "linux-x64".
|
|
Checksums map[string][]byte
|
|
}
|
|
|
|
// Dir gets the expected plugin directory for this plugin.
|
|
func (spec PluginSpec) Dir() string {
|
|
dir := fmt.Sprintf("%s-%s", spec.Kind, spec.Name)
|
|
if spec.Version != nil {
|
|
dir = fmt.Sprintf("%s-v%s", dir, spec.Version.String())
|
|
}
|
|
return dir
|
|
}
|
|
|
|
// File gets the expected filename for this plugin, excluding any platform specific suffixes (e.g. ".exe" on
|
|
// windows).
|
|
func (spec PluginSpec) File() string {
|
|
return fmt.Sprintf("pulumi-%s-%s", spec.Kind, spec.Name)
|
|
}
|
|
|
|
// DirPath returns the directory where this plugin should be installed.
|
|
func (spec PluginSpec) DirPath() (string, error) {
|
|
var err error
|
|
dir := spec.PluginDir
|
|
if dir == "" {
|
|
dir, err = GetPluginDir()
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
}
|
|
|
|
return filepath.Join(dir, spec.Dir()), nil
|
|
}
|
|
|
|
// LockFilePath returns the full path to the plugin's lock file used during installation
|
|
// to prevent concurrent installs.
|
|
func (spec PluginSpec) LockFilePath() (string, error) {
|
|
dir, err := spec.DirPath()
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
return dir + ".lock", nil
|
|
}
|
|
|
|
// PartialFilePath returns the full path to the plugin's partial file used during installation
|
|
// to indicate installation of the plugin hasn't completed yet.
|
|
func (spec PluginSpec) PartialFilePath() (string, error) {
|
|
dir, err := spec.DirPath()
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
return dir + ".partial", nil
|
|
}
|
|
|
|
func (spec PluginSpec) String() string {
|
|
var version string
|
|
if v := spec.Version; v != nil {
|
|
version = fmt.Sprintf("-%s", v)
|
|
}
|
|
return spec.Name + version
|
|
}
|
|
|
|
// PluginInfo provides basic information about a plugin. Each plugin gets installed into a system-wide
|
|
// location, by default `~/.pulumi/plugins/<kind>-<name>-<version>/`. A plugin may contain multiple files,
|
|
// however the primary loadable executable must be named `pulumi-<kind>-<name>`.
|
|
type PluginInfo struct {
|
|
Name string // the simple name of the plugin.
|
|
Path string // the path that a plugin was loaded from (this will always be a directory)
|
|
Kind PluginKind // the kind of the plugin (language, resource, etc).
|
|
Version *semver.Version // the plugin's semantic version, if present.
|
|
Size int64 // the size of the plugin, in bytes.
|
|
InstallTime time.Time // the time the plugin was installed.
|
|
LastUsedTime time.Time // the last time the plugin was used.
|
|
SchemaPath string // if set, used as the path for loading and caching the schema
|
|
SchemaTime time.Time // if set and newer than the file at SchemaPath, used to invalidate a cached schema
|
|
}
|
|
|
|
// Spec returns the PluginSpec for this PluginInfo
|
|
func (info *PluginInfo) Spec() PluginSpec {
|
|
return PluginSpec{Name: info.Name, Kind: info.Kind, Version: info.Version}
|
|
}
|
|
|
|
func (info PluginInfo) String() string {
|
|
var version string
|
|
if v := info.Version; v != nil {
|
|
version = fmt.Sprintf("-%s", v)
|
|
}
|
|
return info.Name + version
|
|
}
|
|
|
|
// Delete removes the plugin from the cache. It also deletes any supporting files in the cache, which includes
|
|
// any files that contain the same prefix as the plugin itself.
|
|
func (info *PluginInfo) Delete() error {
|
|
dir := info.Path
|
|
if err := os.RemoveAll(dir); err != nil {
|
|
return err
|
|
}
|
|
// Attempt to delete any leftover .partial or .lock files.
|
|
// Don't fail the operation if we can't delete these.
|
|
contract.IgnoreError(os.Remove(dir + ".partial"))
|
|
contract.IgnoreError(os.Remove(dir + ".lock"))
|
|
return nil
|
|
}
|
|
|
|
// SetFileMetadata adds extra metadata from the given file, representing this plugin's directory.
|
|
func (info *PluginInfo) SetFileMetadata(path string) error {
|
|
// Get the file info.
|
|
file, err := os.Stat(path)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// Next, get the size from the directory (or, if there is none, just the file).
|
|
size, err := getPluginSize(path)
|
|
if err == nil {
|
|
info.Size = size
|
|
} else {
|
|
logging.V(6).Infof("unable to get plugin dir size for %s: %v", path, err)
|
|
}
|
|
|
|
// Next get the access times from the plugin binary itself.
|
|
tinfo := times.Get(file)
|
|
|
|
if tinfo.HasChangeTime() {
|
|
info.InstallTime = tinfo.ChangeTime()
|
|
} else {
|
|
info.InstallTime = tinfo.ModTime()
|
|
}
|
|
|
|
info.LastUsedTime = tinfo.AccessTime()
|
|
|
|
if info.Kind == ResourcePlugin {
|
|
var v string
|
|
if info.Version != nil {
|
|
v = "-" + info.Version.String() + "-"
|
|
}
|
|
info.SchemaPath = filepath.Join(filepath.Dir(path), "schema-"+info.Name+v+".json")
|
|
info.SchemaTime = tinfo.ModTime()
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (spec PluginSpec) GetSource() (PluginSource, error) {
|
|
baseSource, err := func() (PluginSource, error) {
|
|
// The plugin has a set URL use that.
|
|
if spec.PluginDownloadURL != "" {
|
|
// Support schematised URLS if the URL has a "schema" part we recognize
|
|
url, err := url.Parse(spec.PluginDownloadURL)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
switch url.Scheme {
|
|
case "github":
|
|
return newGithubSource(url, spec.Name, spec.Kind)
|
|
case "gitlab":
|
|
return newGitlabSource(url, spec.Name, spec.Kind)
|
|
case "http", "https":
|
|
return newHTTPSource(spec.Name, spec.Kind, url), nil
|
|
default:
|
|
return nil, fmt.Errorf("unknown plugin source scheme: %s", url.Scheme)
|
|
}
|
|
}
|
|
|
|
// If the plugin name matches an override, download the plugin from the override URL.
|
|
if url, ok := pluginDownloadURLOverridesParsed.get(spec.Name); ok {
|
|
return newHTTPSource(spec.Name, spec.Kind, urlMustParse(url)), nil
|
|
}
|
|
|
|
// Use our default fallback behaviour of github then get.pulumi.com
|
|
return newFallbackSource(spec.Name, spec.Kind), nil
|
|
}()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if len(spec.Checksums) != 0 {
|
|
return newChecksumSource(baseSource, spec.Checksums), nil
|
|
}
|
|
return baseSource, nil
|
|
}
|
|
|
|
// GetLatestVersion tries to find the latest version for this plugin. This is currently only supported for
|
|
// plugins we can get from github releases.
|
|
func (spec PluginSpec) GetLatestVersion() (*semver.Version, error) {
|
|
source, err := spec.GetSource()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return source.GetLatestVersion(getHTTPResponseWithRetry)
|
|
}
|
|
|
|
// Download fetches an io.ReadCloser for this plugin and also returns the size of the response (if known).
|
|
func (spec PluginSpec) Download() (io.ReadCloser, int64, error) {
|
|
// Figure out the OS/ARCH pair for the download URL.
|
|
var opSy string
|
|
switch runtime.GOOS {
|
|
case "darwin", "linux", "windows":
|
|
opSy = runtime.GOOS
|
|
default:
|
|
return nil, -1, fmt.Errorf("unsupported plugin OS: %s", runtime.GOOS)
|
|
}
|
|
var arch string
|
|
switch runtime.GOARCH {
|
|
case "amd64", "arm64":
|
|
arch = runtime.GOARCH
|
|
default:
|
|
return nil, -1, fmt.Errorf("unsupported plugin architecture: %s", runtime.GOARCH)
|
|
}
|
|
|
|
// The plugin version is necessary for the endpoint. If it's not present, return an error.
|
|
if spec.Version == nil {
|
|
return nil, -1, fmt.Errorf("unknown version for plugin %s", spec.Name)
|
|
}
|
|
|
|
source, err := spec.GetSource()
|
|
if err != nil {
|
|
return nil, -1, err
|
|
}
|
|
return source.Download(*spec.Version, opSy, arch, getHTTPResponse)
|
|
}
|
|
|
|
func buildHTTPRequest(pluginEndpoint string, authorization string) (*http.Request, error) {
|
|
req, err := http.NewRequest("GET", pluginEndpoint, nil)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
userAgent := fmt.Sprintf("pulumi-cli/1 (%s; %s)", version.Version, runtime.GOOS)
|
|
req.Header.Set("User-Agent", userAgent)
|
|
|
|
if authorization != "" {
|
|
req.Header.Set("Authorization", authorization)
|
|
}
|
|
|
|
return req, nil
|
|
}
|
|
|
|
func getHTTPResponse(req *http.Request) (io.ReadCloser, int64, error) {
|
|
logging.V(9).Infof("full plugin download url: %s", req.URL)
|
|
// This logs at level 11 because it could include authentication headers, we reserve log level 11 for
|
|
// detailed api logs that may include credentials.
|
|
logging.V(11).Infof("plugin install request headers: %v", req.Header)
|
|
|
|
resp, err := http.DefaultClient.Do(req)
|
|
if err != nil {
|
|
return nil, -1, err
|
|
}
|
|
|
|
// As above this might include authentication information, but also to be consistent at what level headers
|
|
// print at.
|
|
logging.V(11).Infof("plugin install response headers: %v", resp.Header)
|
|
|
|
if resp.StatusCode < 200 || resp.StatusCode > 299 {
|
|
contract.IgnoreClose(resp.Body)
|
|
return nil, -1, newDownloadError(resp.StatusCode, req.URL, resp.Header)
|
|
}
|
|
|
|
return resp.Body, resp.ContentLength, nil
|
|
}
|
|
|
|
func getHTTPResponseWithRetry(req *http.Request) (io.ReadCloser, int64, error) {
|
|
logging.V(9).Infof("full plugin download url: %s", req.URL)
|
|
// This logs at level 11 because it could include authentication headers, we reserve log level 11 for
|
|
// detailed api logs that may include credentials.
|
|
logging.V(11).Infof("plugin install request headers: %v", req.Header)
|
|
|
|
resp, err := httputil.DoWithRetry(req, http.DefaultClient)
|
|
if err != nil {
|
|
return nil, -1, err
|
|
}
|
|
|
|
// As above this might include authentication information, but also to be consistent at what level headers
|
|
// print at.
|
|
logging.V(11).Infof("plugin install response headers: %v", resp.Header)
|
|
|
|
if resp.StatusCode < 200 || resp.StatusCode > 299 {
|
|
contract.IgnoreClose(resp.Body)
|
|
return nil, -1, newDownloadError(resp.StatusCode, req.URL, resp.Header)
|
|
}
|
|
|
|
return resp.Body, resp.ContentLength, nil
|
|
}
|
|
|
|
// downloadError is an error that happened during the HTTP download of a plugin.
|
|
type downloadError struct {
|
|
msg string
|
|
code int
|
|
header http.Header
|
|
}
|
|
|
|
func (e *downloadError) Error() string {
|
|
return e.msg
|
|
}
|
|
|
|
// Create a new downloadError with a message that indicates GITHUB_TOKEN should be set.
|
|
func newGithubPrivateRepoError(statusCode int, url *url.URL) error {
|
|
return &downloadError{
|
|
code: statusCode,
|
|
msg: fmt.Sprintf("%d HTTP error fetching plugin from %s. "+
|
|
"If this is a private GitHub repository, try "+
|
|
"providing a token via the GITHUB_TOKEN environment variable. "+
|
|
"See: https://github.com/settings/tokens",
|
|
statusCode, url),
|
|
}
|
|
}
|
|
|
|
// Create a new downloadError.
|
|
func newDownloadError(statusCode int, url *url.URL, header http.Header) error {
|
|
if url.Host == "api.github.com" && statusCode == 404 {
|
|
return newGithubPrivateRepoError(statusCode, url)
|
|
}
|
|
return &downloadError{
|
|
code: statusCode,
|
|
msg: fmt.Sprintf("%d HTTP error fetching plugin from %s", statusCode, url),
|
|
header: header,
|
|
}
|
|
}
|
|
|
|
// installLock acquires a file lock used to prevent concurrent installs.
|
|
func (spec PluginSpec) installLock() (unlock func(), err error) {
|
|
finalDir, err := spec.DirPath()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
lockFilePath := finalDir + ".lock"
|
|
|
|
if err := os.MkdirAll(filepath.Dir(lockFilePath), 0o700); err != nil {
|
|
return nil, fmt.Errorf("creating plugin root: %w", err)
|
|
}
|
|
|
|
mutex := fsutil.NewFileMutex(lockFilePath)
|
|
if err := mutex.Lock(); err != nil {
|
|
return nil, err
|
|
}
|
|
return func() {
|
|
contract.IgnoreError(mutex.Unlock())
|
|
}, nil
|
|
}
|
|
|
|
// Install installs a plugin's tarball into the cache. See InstallWithContext for details.
|
|
func (spec PluginSpec) Install(tgz io.ReadCloser, reinstall bool) error {
|
|
return spec.InstallWithContext(context.Background(), tarPlugin{tgz}, reinstall)
|
|
}
|
|
|
|
// pluginDownloader is responsible for downloading plugins from PluginSpecs.
|
|
//
|
|
// It allows hooking into various stages of the download process
|
|
// to allow for custom behavior and progress reporting.
|
|
//
|
|
// All fields are optional.
|
|
type pluginDownloader struct {
|
|
// WrapStream wraps the stream returned by the plugin source.
|
|
// This is useful for things like reporting progress.
|
|
WrapStream func(stream io.ReadCloser, size int64) io.ReadCloser
|
|
|
|
// OnRetry receives a notification when a download fails
|
|
// and is about to be retried.
|
|
// err is the error that caused the retry.
|
|
// attempt is the number of the attempt that failed (starting at 1).
|
|
// limit is the maximum number of attempts.
|
|
// delay is the amount of time that will be slept before the next attempt.
|
|
// DO NOT sleep in this function. It's for observation only.
|
|
OnRetry func(err error, attempt int, limit int, delay time.Duration)
|
|
|
|
// Controls how to sleep between retries.
|
|
After func(time.Duration) <-chan time.Time // == time.After
|
|
}
|
|
|
|
// copyBuffer copies from src to dst until either EOF is reached on src or an error occurs.
|
|
//
|
|
// This is an internal helper that's pretty much just a copy of io.Copy except it returns read and
|
|
// write errors separately. We only want to retry if the read (i.e. download) fails, if the write
|
|
// fails thats probably due to file permissions or space limitations and there's no point retrying.
|
|
func (d *pluginDownloader) copyBuffer(dst io.Writer, src io.Reader) (written int64, readErr error, writeErr error) {
|
|
size := 32 * 1024
|
|
if l, ok := src.(*io.LimitedReader); ok && int64(size) > l.N {
|
|
if l.N < 1 {
|
|
size = 1
|
|
} else {
|
|
size = int(l.N)
|
|
}
|
|
}
|
|
buf := make([]byte, size)
|
|
|
|
for {
|
|
nr, er := src.Read(buf)
|
|
if nr > 0 {
|
|
nw, ew := dst.Write(buf[0:nr])
|
|
if nw < 0 || nr < nw {
|
|
nw = 0
|
|
if ew == nil {
|
|
ew = errors.New("invalid write result")
|
|
}
|
|
}
|
|
written += int64(nw)
|
|
if ew != nil {
|
|
return written, nil, ew
|
|
}
|
|
if nr != nw {
|
|
return written, nil, io.ErrShortWrite
|
|
}
|
|
}
|
|
if er != nil {
|
|
if er == io.EOF {
|
|
er = nil
|
|
}
|
|
return written, er, nil
|
|
}
|
|
}
|
|
}
|
|
|
|
func (d *pluginDownloader) tryDownload(pkgPlugin PluginSpec, dst io.WriteCloser) (error, error) {
|
|
defer dst.Close()
|
|
tarball, expectedByteCount, err := pkgPlugin.Download()
|
|
if err != nil {
|
|
return err, nil
|
|
}
|
|
if d.WrapStream != nil {
|
|
tarball = d.WrapStream(tarball, expectedByteCount)
|
|
}
|
|
defer tarball.Close()
|
|
copiedByteCount, readErr, writerErr := d.copyBuffer(dst, tarball)
|
|
if readErr != nil || writerErr != nil {
|
|
return readErr, writerErr
|
|
}
|
|
if copiedByteCount != expectedByteCount {
|
|
return nil, fmt.Errorf("expected %d bytes but copied %d when downloading plugin %s",
|
|
expectedByteCount, copiedByteCount, pkgPlugin)
|
|
}
|
|
return nil, nil
|
|
}
|
|
|
|
func (d *pluginDownloader) tryDownloadToFile(pkgPlugin PluginSpec) (string, error, error) {
|
|
file, err := os.CreateTemp("" /* default temp dir */, "pulumi-plugin-tar")
|
|
if err != nil {
|
|
return "", nil, err
|
|
}
|
|
readErr, writeErr := d.tryDownload(pkgPlugin, file)
|
|
logging.V(10).Infof("try downloaded plugin %s to %s: %v %v", pkgPlugin, file.Name(), readErr, writeErr)
|
|
if readErr != nil || writeErr != nil {
|
|
err2 := os.Remove(file.Name())
|
|
if err2 != nil {
|
|
// only one of readErr or writeErr will be set
|
|
err := readErr
|
|
if err == nil {
|
|
err = writeErr
|
|
}
|
|
|
|
return "", nil, fmt.Errorf("error while removing tempfile: %v. Context: %w", err2, err)
|
|
}
|
|
return "", readErr, writeErr
|
|
}
|
|
return file.Name(), nil, nil
|
|
}
|
|
|
|
func (d *pluginDownloader) downloadToFileWithRetry(pkgPlugin PluginSpec) (string, error) {
|
|
delay := 80 * time.Millisecond
|
|
backoff := 2.0
|
|
maxAttempts := 5
|
|
|
|
_, path, err := (&retry.Retryer{
|
|
After: d.After,
|
|
}).Until(context.Background(), retry.Acceptor{
|
|
Delay: &delay,
|
|
Backoff: &backoff,
|
|
Accept: func(attempt int, nextRetryTime time.Duration) (bool, interface{}, error) {
|
|
if attempt >= maxAttempts {
|
|
return false, nil, fmt.Errorf("failed all %d attempts", maxAttempts)
|
|
}
|
|
|
|
tempFile, readErr, writeErr := d.tryDownloadToFile(pkgPlugin)
|
|
if readErr == nil && writeErr == nil {
|
|
return true, tempFile, nil
|
|
}
|
|
if writeErr != nil {
|
|
// Writes are local. If they fail,
|
|
// there's no point retrying.
|
|
return false, "", writeErr
|
|
}
|
|
|
|
// If the readErr is a checksum error don't retry.
|
|
var checksumErr *checksumError
|
|
if errors.As(readErr, &checksumErr) {
|
|
return false, "", readErr
|
|
}
|
|
|
|
// Don't retry, since the request was processed and rejected.
|
|
var downloadErr *downloadError
|
|
if errors.As(readErr, &downloadErr) && (downloadErr.code == 404 || downloadErr.code == 403) {
|
|
return false, "", readErr
|
|
}
|
|
|
|
if d.OnRetry != nil {
|
|
d.OnRetry(readErr, attempt+1, maxAttempts, nextRetryTime)
|
|
}
|
|
|
|
return false, "", nil
|
|
},
|
|
})
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
return path.(string), nil
|
|
}
|
|
|
|
// DownloadToFile downloads the given PluginSpec to a temporary file
|
|
// and returns that temporary file.
|
|
//
|
|
// This has some retry logic to re-attempt the download if it errors for any reason.
|
|
func (d *pluginDownloader) DownloadToFile(pkgPlugin PluginSpec) (*os.File, error) {
|
|
tarball, err := d.downloadToFileWithRetry(pkgPlugin)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to download plugin: %s: %w", pkgPlugin, err)
|
|
}
|
|
reader, err := os.Open(tarball)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to open downloaded plugin: %s: %w", pkgPlugin, err)
|
|
}
|
|
return reader, nil
|
|
}
|
|
|
|
// DownloadToFile downloads the given PluginInfo to a temporary file and returns that temporary file.
|
|
// This has some retry logic to re-attempt the download if it errors for any reason.
|
|
func DownloadToFile(
|
|
pkgPlugin PluginSpec,
|
|
wrapper func(stream io.ReadCloser, size int64) io.ReadCloser,
|
|
retry func(err error, attempt int, limit int, delay time.Duration),
|
|
) (*os.File, error) {
|
|
return (&pluginDownloader{
|
|
WrapStream: wrapper,
|
|
OnRetry: retry,
|
|
}).DownloadToFile(pkgPlugin)
|
|
}
|
|
|
|
type PluginContent interface {
|
|
io.Closer
|
|
|
|
writeToDir(pathToDir string) error
|
|
}
|
|
|
|
func SingleFilePlugin(f *os.File, spec PluginSpec) PluginContent {
|
|
return singleFilePlugin{F: f, Kind: spec.Kind, Name: spec.Name}
|
|
}
|
|
|
|
type singleFilePlugin struct {
|
|
F *os.File
|
|
Kind PluginKind
|
|
Name string
|
|
}
|
|
|
|
func (p singleFilePlugin) writeToDir(finalDir string) error {
|
|
bytes, err := io.ReadAll(p.F)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
finalPath := filepath.Join(finalDir, fmt.Sprintf("pulumi-%s-%s", p.Kind, p.Name))
|
|
// We are writing an executable.
|
|
return os.WriteFile(finalPath, bytes, 0o700) //nolint:gosec
|
|
}
|
|
|
|
func (p singleFilePlugin) Close() error {
|
|
return p.F.Close()
|
|
}
|
|
|
|
func TarPlugin(tgz io.ReadCloser) PluginContent {
|
|
return tarPlugin{Tgz: tgz}
|
|
}
|
|
|
|
type tarPlugin struct {
|
|
Tgz io.ReadCloser
|
|
}
|
|
|
|
func (p tarPlugin) Close() error {
|
|
return p.Tgz.Close()
|
|
}
|
|
|
|
func (p tarPlugin) writeToDir(finalPath string) error {
|
|
return archive.ExtractTGZ(p.Tgz, finalPath)
|
|
}
|
|
|
|
func DirPlugin(rootPath string) PluginContent {
|
|
return dirPlugin{Root: rootPath}
|
|
}
|
|
|
|
type dirPlugin struct {
|
|
Root string
|
|
}
|
|
|
|
func (p dirPlugin) Close() error {
|
|
return nil
|
|
}
|
|
|
|
func (p dirPlugin) writeToDir(dstRoot string) error {
|
|
return filepath.WalkDir(p.Root, func(srcPath string, d fs.DirEntry, err error) error {
|
|
if err != nil {
|
|
return err
|
|
}
|
|
relPath := strings.TrimPrefix(srcPath, p.Root)
|
|
dstPath := filepath.Join(dstRoot, relPath)
|
|
|
|
if srcPath == p.Root {
|
|
return nil
|
|
}
|
|
if d.IsDir() {
|
|
return os.Mkdir(dstPath, 0o700)
|
|
}
|
|
|
|
src, err := os.Open(srcPath)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
info, err := d.Info()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
bytes, err := io.ReadAll(src)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return os.WriteFile(dstPath, bytes, info.Mode())
|
|
})
|
|
}
|
|
|
|
// InstallWithContext installs a plugin's tarball into the cache. It validates that plugin names are in the expected
|
|
// format. Previous versions of Pulumi extracted the tarball to a temp directory first, and then renamed the temp
|
|
// directory to the final directory. The rename operation fails often enough on Windows due to aggressive virus scanners
|
|
// opening files in the temp directory. To address this, we now extract the tarball directly into the final directory,
|
|
// and use file locks to prevent concurrent installs.
|
|
//
|
|
// Each plugin has its own file lock, with the same name as the plugin directory, with a `.lock` suffix.
|
|
// During installation an empty file with a `.partial` suffix is created, indicating that installation is in-progress.
|
|
// The `.partial` file is deleted when installation is complete, indicating that the plugin has finished installing.
|
|
// If a failure occurs during installation, the `.partial` file will remain, indicating the plugin wasn't fully
|
|
// installed. The next time the plugin is installed, the old installation directory will be removed and replaced with
|
|
// a fresh installation.
|
|
func (spec PluginSpec) InstallWithContext(ctx context.Context, content PluginContent, reinstall bool) error {
|
|
defer contract.IgnoreClose(content)
|
|
|
|
// Fetch the directory into which we will expand this tarball.
|
|
finalDir, err := spec.DirPath()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// Create a file lock file at <pluginsdir>/<kind>-<name>-<version>.lock.
|
|
unlock, err := spec.installLock()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer unlock()
|
|
|
|
// Cleanup any temp dirs from failed installations of this plugin from previous versions of Pulumi.
|
|
if err := cleanupTempDirs(finalDir); err != nil {
|
|
// We don't want to fail the installation if there was an error cleaning up these old temp dirs.
|
|
// Instead, log the error and continue on.
|
|
logging.V(5).Infof("Install: Error cleaning up temp dirs: %s", err)
|
|
}
|
|
|
|
// Get the partial file path (e.g. <pluginsdir>/<kind>-<name>-<version>.partial).
|
|
partialFilePath, err := spec.PartialFilePath()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// Check whether the directory exists while we were waiting on the lock.
|
|
_, finalDirStatErr := os.Stat(finalDir)
|
|
if finalDirStatErr == nil {
|
|
_, partialFileStatErr := os.Stat(partialFilePath)
|
|
if partialFileStatErr != nil {
|
|
if !os.IsNotExist(partialFileStatErr) {
|
|
return partialFileStatErr
|
|
}
|
|
if !reinstall {
|
|
// finalDir exists, there's no partial file, and we're not reinstalling, so the plugin is already
|
|
// installed.
|
|
return nil
|
|
}
|
|
}
|
|
|
|
// Either the partial file exists--meaning a previous attempt at installing the plugin failed--or we're
|
|
// deliberately reinstalling the plugin. Delete finalDir so we can try installing again. There's no need to
|
|
// delete the partial file since we'd just be recreating it again below anyway.
|
|
if err := os.RemoveAll(finalDir); err != nil {
|
|
return err
|
|
}
|
|
} else if !os.IsNotExist(finalDirStatErr) {
|
|
return finalDirStatErr
|
|
}
|
|
|
|
// Create an empty partial file to indicate installation is in-progress.
|
|
if err := os.WriteFile(partialFilePath, nil, 0o600); err != nil {
|
|
return err
|
|
}
|
|
|
|
// Create the final directory.
|
|
if err := os.MkdirAll(finalDir, 0o700); err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := content.writeToDir(finalDir); err != nil {
|
|
return err
|
|
}
|
|
|
|
// Even though we deferred closing the tarball at the beginning of this function, go ahead and explicitly close
|
|
// it now since we're finished extracting it, to prevent subsequent output from being displayed oddly with
|
|
// the progress bar.
|
|
contract.IgnoreClose(content)
|
|
|
|
// Install dependencies, if needed.
|
|
proj, err := LoadPluginProject(filepath.Join(finalDir, "PulumiPlugin.yaml"))
|
|
if err != nil && !os.IsNotExist(err) {
|
|
return fmt.Errorf("loading PulumiPlugin.yaml: %w", err)
|
|
}
|
|
if proj != nil {
|
|
runtime := strings.ToLower(proj.Runtime.Name())
|
|
// For now, we only do this for Node.js and Python. For Go, the expectation is the binary is
|
|
// already built. For .NET, similarly, a single self-contained binary could be used, but
|
|
// otherwise `dotnet run` will implicitly run `dotnet restore`.
|
|
// TODO[pulumi/pulumi#1334]: move to the language plugins so we don't have to hard code here.
|
|
switch runtime {
|
|
case "nodejs":
|
|
var b bytes.Buffer
|
|
if _, err := npm.Install(ctx, finalDir, true /* production */, &b, &b); err != nil {
|
|
os.Stderr.Write(b.Bytes())
|
|
return fmt.Errorf("installing plugin dependencies: %w", err)
|
|
}
|
|
case "python":
|
|
if err := python.InstallDependencies(ctx, finalDir, "venv", false /*showOutput*/); err != nil {
|
|
return fmt.Errorf("installing plugin dependencies: %w", err)
|
|
}
|
|
}
|
|
}
|
|
|
|
// Installation is complete. Remove the partial file.
|
|
return os.Remove(partialFilePath)
|
|
}
|
|
|
|
// cleanupTempDirs cleans up leftover temp dirs from failed installs with previous versions of Pulumi.
|
|
func cleanupTempDirs(finalDir string) error {
|
|
dir := filepath.Dir(finalDir)
|
|
|
|
infos, err := os.ReadDir(dir)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
for _, info := range infos {
|
|
// Temp dirs have a suffix of `.tmpXXXXXX` (where `XXXXXX`) is a random number,
|
|
// from os.CreateTemp.
|
|
if info.IsDir() && installingPluginRegexp.MatchString(info.Name()) {
|
|
path := filepath.Join(dir, info.Name())
|
|
if err := os.RemoveAll(path); err != nil {
|
|
return fmt.Errorf("cleaning up temp dir %s: %w", path, err)
|
|
}
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// PluginKind represents a kind of a plugin that may be dynamically loaded and used by Pulumi.
|
|
type PluginKind string
|
|
|
|
const (
|
|
// AnalyzerPlugin is a plugin that can be used as a resource analyzer.
|
|
AnalyzerPlugin PluginKind = "analyzer"
|
|
// LanguagePlugin is a plugin that can be used as a language host.
|
|
LanguagePlugin PluginKind = "language"
|
|
// ResourcePlugin is a plugin that can be used as a resource provider for custom CRUD operations.
|
|
ResourcePlugin PluginKind = "resource"
|
|
// ConverterPlugin is a plugin that can be used to convert from other ecosystems to Pulumi.
|
|
ConverterPlugin PluginKind = "converter"
|
|
)
|
|
|
|
// IsPluginKind returns true if k is a valid plugin kind, and false otherwise.
|
|
func IsPluginKind(k string) bool {
|
|
switch PluginKind(k) {
|
|
case AnalyzerPlugin, LanguagePlugin, ResourcePlugin, ConverterPlugin:
|
|
return true
|
|
default:
|
|
return false
|
|
}
|
|
}
|
|
|
|
// HasPlugin returns true if the given plugin exists.
|
|
func HasPlugin(spec PluginSpec) bool {
|
|
dir, err := spec.DirPath()
|
|
if err == nil {
|
|
_, err := os.Stat(dir)
|
|
if err == nil {
|
|
partialFilePath, err := spec.PartialFilePath()
|
|
if err == nil {
|
|
if _, err := os.Stat(partialFilePath); os.IsNotExist(err) {
|
|
return true
|
|
}
|
|
}
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
// HasPluginGTE returns true if the given plugin exists at the given version number or greater.
|
|
func HasPluginGTE(spec PluginSpec) (bool, error) {
|
|
// If an exact match, return true right away.
|
|
if HasPlugin(spec) {
|
|
return true, nil
|
|
}
|
|
|
|
// Otherwise, load up the list of plugins and find one with the same name/type and >= version.
|
|
plugs, err := GetPlugins()
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
|
|
// If we're not doing the legacy plugin behavior and we've been asked for a specific version, do the same plugin
|
|
// search that we'd do at runtime. This ensures that `pulumi plugin install` works the same way that the runtime
|
|
// loader does, to minimize confusion when a user has to install new plugins.
|
|
var match *PluginInfo
|
|
if !enableLegacyPluginBehavior && spec.Version != nil {
|
|
requestedVersion := semver.MustParseRange(spec.Version.String())
|
|
match = SelectCompatiblePlugin(plugs, spec.Kind, spec.Name, requestedVersion)
|
|
} else {
|
|
match = LegacySelectCompatiblePlugin(plugs, spec.Kind, spec.Name, spec.Version)
|
|
}
|
|
return match != nil, nil
|
|
}
|
|
|
|
// GetPolicyDir returns the directory in which an organization's Policy Packs on the current machine are managed.
|
|
func GetPolicyDir(orgName string) (string, error) {
|
|
return GetPulumiPath(PolicyDir, orgName)
|
|
}
|
|
|
|
// GetPolicyPath finds a PolicyPack by its name version, as well as a bool marked true if the path
|
|
// already exists and is a directory.
|
|
func GetPolicyPath(orgName, name, version string) (string, bool, error) {
|
|
policiesDir, err := GetPolicyDir(orgName)
|
|
if err != nil {
|
|
return "", false, err
|
|
}
|
|
|
|
policyPackPath := path.Join(policiesDir, fmt.Sprintf("pulumi-analyzer-%s-v%s", name, version))
|
|
|
|
file, err := os.Stat(policyPackPath)
|
|
if err == nil && file.IsDir() {
|
|
// PolicyPack exists. Return.
|
|
return policyPackPath, true, nil
|
|
} else if err != nil && !os.IsNotExist(err) {
|
|
// Error trying to inspect PolicyPack FS entry. Return error.
|
|
return "", false, err
|
|
}
|
|
|
|
// Not found. Return empty path.
|
|
return policyPackPath, false, nil
|
|
}
|
|
|
|
// GetPluginDir returns the directory in which plugins on the current machine are managed.
|
|
func GetPluginDir() (string, error) {
|
|
return GetPulumiPath(PluginDir)
|
|
}
|
|
|
|
// GetPlugins returns a list of installed plugins without size info and last accessed metadata.
|
|
// Plugin size requires recursively traversing the plugin directory, which can be extremely
|
|
// expensive with the introduction of nodejs multilang components that have
|
|
// deeply nested node_modules folders.
|
|
func GetPlugins() ([]PluginInfo, error) {
|
|
// To get the list of plugins, simply scan the directory in the usual place.
|
|
dir, err := GetPluginDir()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return getPlugins(dir, true /* skipMetadata */)
|
|
}
|
|
|
|
// GetPluginsWithMetadata returns a list of installed plugins with metadata about size,
|
|
// and last access (POOR RUNTIME PERF). Plugin size requires recursively traversing the
|
|
// plugin directory, which can be extremely expensive with the introduction of
|
|
// nodejs multilang components that have deeply nested node_modules folders.
|
|
func GetPluginsWithMetadata() ([]PluginInfo, error) {
|
|
// To get the list of plugins, simply scan the directory in the usual place.
|
|
dir, err := GetPluginDir()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return getPlugins(dir, false /* skipMetadata */)
|
|
}
|
|
|
|
func getPlugins(dir string, skipMetadata bool) ([]PluginInfo, error) {
|
|
files, err := os.ReadDir(dir)
|
|
if err != nil {
|
|
if os.IsNotExist(err) {
|
|
return nil, nil
|
|
}
|
|
return nil, err
|
|
}
|
|
|
|
// Now read the file infos and create the plugin infos.
|
|
var plugins []PluginInfo
|
|
for _, file := range files {
|
|
// Skip anything that doesn't look like a plugin.
|
|
if kind, name, version, ok := tryPlugin(file); ok {
|
|
path := filepath.Join(dir, file.Name())
|
|
plugin := PluginInfo{
|
|
Name: name,
|
|
Kind: kind,
|
|
Version: &version,
|
|
Path: path,
|
|
}
|
|
if _, err := os.Stat(path + ".partial"); err == nil {
|
|
// Skip it if the partial file exists, meaning the plugin is not fully installed.
|
|
continue
|
|
} else if !os.IsNotExist(err) {
|
|
return nil, err
|
|
}
|
|
// computing plugin sizes can be very expensive (nested node_modules)
|
|
if !skipMetadata {
|
|
if err = plugin.SetFileMetadata(path); err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
plugins = append(plugins, plugin)
|
|
}
|
|
}
|
|
return plugins, nil
|
|
}
|
|
|
|
// We currently bundle some plugins with "pulumi" and thus expect them to be next to the pulumi binary.
|
|
// Eventually we want to fix this so new plugins are true plugins in the plugin cache.
|
|
func IsPluginBundled(kind PluginKind, name string) bool {
|
|
return (kind == LanguagePlugin && name == "nodejs") ||
|
|
(kind == LanguagePlugin && name == "go") ||
|
|
(kind == LanguagePlugin && name == "python") ||
|
|
(kind == LanguagePlugin && name == "dotnet") ||
|
|
(kind == LanguagePlugin && name == "yaml") ||
|
|
(kind == LanguagePlugin && name == "java") ||
|
|
(kind == ResourcePlugin && name == "pulumi-nodejs") ||
|
|
(kind == ResourcePlugin && name == "pulumi-python") ||
|
|
(kind == AnalyzerPlugin && name == "policy") ||
|
|
(kind == AnalyzerPlugin && name == "policy-python")
|
|
}
|
|
|
|
// GetPluginPath finds a plugin's path by its kind, name, and optional version. It will match the latest version that
|
|
// is >= the version specified. If no version is supplied, the latest plugin for that given kind/name pair is loaded,
|
|
// using standard semver sorting rules. A plugin may be overridden entirely by placing it on your $PATH, though it is
|
|
// possible to opt out of this behavior by setting PULUMI_IGNORE_AMBIENT_PLUGINS to any non-empty value.
|
|
func GetPluginPath(d diag.Sink, kind PluginKind, name string, version *semver.Version,
|
|
projectPlugins []ProjectPlugin,
|
|
) (string, error) {
|
|
info, path, err := getPluginInfoAndPath(d, kind, name, version, true /* skipMetadata */, projectPlugins)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
contract.Assertf(info.Path == filepath.Dir(path),
|
|
"plugin executable (%v) is not inside plugin directory (%v)", path, info.Path)
|
|
return path, err
|
|
}
|
|
|
|
func GetPluginInfo(d diag.Sink, kind PluginKind, name string, version *semver.Version,
|
|
projectPlugins []ProjectPlugin,
|
|
) (*PluginInfo, error) {
|
|
info, path, err := getPluginInfoAndPath(d, kind, name, version, false, projectPlugins)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
contract.Assertf(info.Path == filepath.Dir(path),
|
|
"plugin executable (%v) is not inside plugin directory (%v)", path, info.Path)
|
|
return info, nil
|
|
}
|
|
|
|
// Given a PluginInfo try to find the executable file that corresponds to it
|
|
func getPluginPath(info *PluginInfo) string {
|
|
var path string
|
|
exts := getCandidateExtensions()
|
|
for _, ext := range exts {
|
|
path = filepath.Join(info.Path, info.Spec().File()) + ext
|
|
_, err := os.Stat(path)
|
|
if err == nil {
|
|
return path
|
|
}
|
|
}
|
|
|
|
// We didn't actually find a file for this plugin, so just use the old behaviour of assuming the first
|
|
// extension.
|
|
return filepath.Join(info.Path, info.Spec().File()) + exts[0]
|
|
}
|
|
|
|
// getPluginInfoAndPath searches for a compatible plugin kind, name, and version and returns either:
|
|
// - if found as an ambient plugin, nil and the path to the executable
|
|
// - if found in the pulumi dir's installed plugins, a PluginInfo and path to the executable
|
|
// - an error in all other cases.
|
|
func getPluginInfoAndPath(
|
|
d diag.Sink,
|
|
kind PluginKind, name string, version *semver.Version, skipMetadata bool,
|
|
projectPlugins []ProjectPlugin,
|
|
) (*PluginInfo, string, error) {
|
|
filename := (&PluginSpec{Kind: kind, Name: name}).File()
|
|
|
|
for i, p1 := range projectPlugins {
|
|
for j, p2 := range projectPlugins {
|
|
if j < i {
|
|
if p2.Kind == p1.Kind && p2.Name == p1.Name {
|
|
if p1.Version != nil && p2.Version != nil && p2.Version.Equals(*p1.Version) {
|
|
return nil, "", fmt.Errorf(
|
|
"multiple project plugins with kind %s, name %s, version %s",
|
|
p1.Kind, p1.Name, p1.Version)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
for _, plugin := range projectPlugins {
|
|
if plugin.Kind != kind {
|
|
continue
|
|
}
|
|
if plugin.Name != name {
|
|
continue
|
|
}
|
|
if plugin.Version != nil && version != nil {
|
|
if !plugin.Version.Equals(*version) {
|
|
logging.Warningf(
|
|
"Project plugin %s with version %s is incompatible with requested version %s.\n",
|
|
name, plugin.Version, version)
|
|
continue
|
|
}
|
|
}
|
|
|
|
spec := plugin.Spec()
|
|
info := &PluginInfo{
|
|
Name: spec.Name,
|
|
Kind: spec.Kind,
|
|
Version: spec.Version,
|
|
Path: plugin.Path,
|
|
}
|
|
path := getPluginPath(info)
|
|
// computing plugin sizes can be very expensive (nested node_modules)
|
|
if !skipMetadata && path != "" {
|
|
if err := info.SetFileMetadata(path); err != nil {
|
|
return nil, "", err
|
|
}
|
|
}
|
|
return info, path, nil
|
|
}
|
|
|
|
// If we have a version of the plugin on its $PATH, use it, unless we have opted out of this behavior explicitly.
|
|
// This supports development scenarios.
|
|
includeAmbient := !(env.IgnoreAmbientPlugins.Value())
|
|
var ambientPath string
|
|
if includeAmbient {
|
|
if path, err := exec.LookPath(filename); err == nil {
|
|
ambientPath = path
|
|
logging.V(6).Infof("GetPluginPath(%s, %s, %v): found on $PATH %s", kind, name, version, path)
|
|
}
|
|
}
|
|
|
|
// At some point in the future, bundled plugins will be located in the plugin cache, just like regular
|
|
// plugins (see pulumi/pulumi#956 for some of the reasons why this isn't the case today). For now, they
|
|
// ship next to the `pulumi` binary. While we encourage this folder to be on the $PATH (and so the check
|
|
// above would have normally found the plugin) it's possible someone is running `pulumi` with an explicit
|
|
// path on the command line or has done symlink magic such that `pulumi` is on the path, but the bundled
|
|
// plugins are not, or has simply set IGNORE_AMBIENT_PLUGINS. So, if possible, look next to the instance
|
|
// of `pulumi` that is running to find this bundled plugin.
|
|
var bundledPath string
|
|
if IsPluginBundled(kind, name) {
|
|
exePath, exeErr := os.Executable()
|
|
if exeErr == nil {
|
|
fullPath, fullErr := filepath.EvalSymlinks(exePath)
|
|
if fullErr == nil {
|
|
for _, ext := range getCandidateExtensions() {
|
|
candidate := filepath.Join(filepath.Dir(fullPath), filename+ext)
|
|
// Let's see if the file is executable. On Windows, os.Stat() returns a mode of "-rw-rw-rw" so on
|
|
// on windows we just trust the fact that the .exe can actually be launched.
|
|
if stat, err := os.Stat(candidate); err == nil &&
|
|
(stat.Mode()&0o100 != 0 || runtime.GOOS == windowsGOOS) {
|
|
logging.V(6).Infof("GetPluginPath(%s, %s, %v): found next to current executable %s",
|
|
kind, name, version, candidate)
|
|
bundledPath = candidate
|
|
break
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// We prefer the ambient path, but we need to check if this is the same as the bundled
|
|
// path to decide if we're warning or not.
|
|
pluginPath := bundledPath
|
|
if ambientPath != "" {
|
|
if ambientPath != bundledPath {
|
|
// They don't match _but_ it might be they just don't match because the pulumi install is symlinked,
|
|
// e.g. /opt/homebrew/bin/pulumi-language-nodejs -> /opt/homebrew/Cellar/pulumi/3.77.0/bin/pulumi-language-nodejs
|
|
// So before we warn, lets just check if we can resolve symlinks in the ambient path and then check again.
|
|
fullAmbientPath, err := filepath.EvalSymlinks(ambientPath)
|
|
// N.B, that we don't _return_ the resolved path, we return the original path. Also if resolving
|
|
// hits any errors then we just skip this warning, better to not warn than to error in a new way.
|
|
if err == nil {
|
|
if fullAmbientPath != bundledPath {
|
|
d.Warningf(diag.Message("", "using %s from $PATH at %s"), filename, ambientPath)
|
|
}
|
|
}
|
|
}
|
|
pluginPath = ambientPath
|
|
}
|
|
if pluginPath != "" {
|
|
return &PluginInfo{
|
|
Kind: kind,
|
|
Name: name,
|
|
Path: filepath.Dir(pluginPath),
|
|
}, pluginPath, nil
|
|
}
|
|
|
|
// Wasn't ambient, and wasn't bundled, so now check the plugin cache.
|
|
var plugins []PluginInfo
|
|
var err error
|
|
if skipMetadata {
|
|
plugins, err = GetPlugins()
|
|
} else {
|
|
plugins, err = GetPluginsWithMetadata()
|
|
}
|
|
if err != nil {
|
|
return nil, "", fmt.Errorf("loading plugin list: %w", err)
|
|
}
|
|
|
|
var match *PluginInfo
|
|
if !enableLegacyPluginBehavior && version != nil {
|
|
logging.V(6).Infof("GetPluginPath(%s, %s, %s): enabling new plugin behavior", kind, name, version)
|
|
match = SelectCompatiblePlugin(plugins, kind, name, semver.MustParseRange(version.String()))
|
|
} else {
|
|
logging.V(6).Infof("GetPluginPath(%s, %s, %s): using legacy plugin behavior", kind, name, version)
|
|
match = LegacySelectCompatiblePlugin(plugins, kind, name, version)
|
|
}
|
|
|
|
if match != nil {
|
|
matchPath := getPluginPath(match)
|
|
logging.V(6).Infof("GetPluginPath(%s, %s, %v): found in cache at %s", kind, name, version, matchPath)
|
|
return match, matchPath, nil
|
|
}
|
|
|
|
return nil, "", NewMissingError(kind, name, version, includeAmbient)
|
|
}
|
|
|
|
// SortedPluginInfo is a wrapper around PluginInfo that allows for sorting by version.
|
|
type SortedPluginInfo []PluginInfo
|
|
|
|
func (sp SortedPluginInfo) Len() int { return len(sp) }
|
|
func (sp SortedPluginInfo) Less(i, j int) bool {
|
|
iVersion := sp[i].Version
|
|
jVersion := sp[j].Version
|
|
switch {
|
|
case iVersion == nil && jVersion == nil:
|
|
return false
|
|
case iVersion == nil:
|
|
return true
|
|
case jVersion == nil:
|
|
return false
|
|
case iVersion.EQ(*jVersion):
|
|
return iVersion.String() < jVersion.String()
|
|
default:
|
|
return iVersion.LT(*jVersion)
|
|
}
|
|
}
|
|
func (sp SortedPluginInfo) Swap(i, j int) { sp[i], sp[j] = sp[j], sp[i] }
|
|
|
|
// SortedPluginSpec is a wrapper around PluginSpec that allows for sorting by version.
|
|
type SortedPluginSpec []PluginSpec
|
|
|
|
func (sp SortedPluginSpec) Len() int { return len(sp) }
|
|
func (sp SortedPluginSpec) Less(i, j int) bool {
|
|
iVersion := sp[i].Version
|
|
jVersion := sp[j].Version
|
|
switch {
|
|
case iVersion == nil && jVersion == nil:
|
|
return false
|
|
case iVersion == nil:
|
|
return true
|
|
case jVersion == nil:
|
|
return false
|
|
case iVersion.EQ(*jVersion):
|
|
return iVersion.String() < jVersion.String()
|
|
default:
|
|
return iVersion.LT(*jVersion)
|
|
}
|
|
}
|
|
func (sp SortedPluginSpec) Swap(i, j int) { sp[i], sp[j] = sp[j], sp[i] }
|
|
|
|
// LegacySelectCompatiblePlugin selects a plugin from the list of plugins with the given kind and name that
|
|
// satisfies the requested version. It returns the highest version plugin greater than the requested version,
|
|
// or an error if no such plugin could be found.
|
|
//
|
|
// If there exist plugins in the plugin list that don't have a version, LegacySelectCompatiblePlugin will select
|
|
// them if there are no other compatible plugins available.
|
|
func LegacySelectCompatiblePlugin(
|
|
plugins []PluginInfo, kind PluginKind, name string, version *semver.Version,
|
|
) *PluginInfo {
|
|
var match *PluginInfo
|
|
for _, cur := range plugins {
|
|
// Since the value of cur changes as we iterate, we can't save a pointer to it. So let's have a local
|
|
// that we can take a pointer to if this plugin is the best match yet.
|
|
plugin := cur
|
|
if plugin.Kind == kind && plugin.Name == name {
|
|
// Always pick the most recent version of the plugin available. Even if this is an exact match,
|
|
// we keep on searching just in case there's a newer version available.
|
|
var m *PluginInfo
|
|
if match == nil {
|
|
// no existing match
|
|
if version == nil {
|
|
m = &plugin // no version spec, accept anything
|
|
} else if plugin.Version == nil || plugin.Version.GTE(*version) {
|
|
// Either the plugin doesn't have a version, in which case we'll take it but prefer
|
|
// anything else, or it has a version >= requested.
|
|
m = &plugin
|
|
}
|
|
} else {
|
|
// existing match
|
|
if plugin.Version != nil && match.Version == nil {
|
|
// existing match is unversioned, but this plugin has a version, so prefer it.
|
|
m = &plugin
|
|
} else if plugin.Version == nil {
|
|
// this plugin is unversioned ignore it, our current match might also be unversioned but
|
|
// we just pick the first we see in this case.
|
|
} else {
|
|
// both have versions, pick the greater stable one.
|
|
matchIsPre := len(match.Version.Pre) != 0
|
|
pluginIsPre := len(plugin.Version.Pre) != 0
|
|
|
|
// The plugin has to at least be greater than the requested version.
|
|
if version == nil || plugin.Version.GTE(*version) {
|
|
if matchIsPre && !pluginIsPre {
|
|
// If one is pre-release and the other is not, prefer the non-pre-release one.
|
|
m = &plugin
|
|
} else if !matchIsPre && pluginIsPre {
|
|
// current match is not pre-release, but this plugin is, so prefer the current match.
|
|
} else if plugin.Version.GT(*match.Version) {
|
|
// Else if the plugin is greater than the current match, prefer it.
|
|
m = &plugin
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if m != nil {
|
|
match = m
|
|
logging.V(6).Infof("LegacySelectCompatiblePlugin(%s, %s, %s): found candidate (#%s)",
|
|
kind, name, version, match.Version)
|
|
}
|
|
}
|
|
}
|
|
return match
|
|
}
|
|
|
|
// SelectCompatiblePlugin selects a plugin from the list of plugins with the given kind and name that sastisfies the
|
|
// requested semver range. It returns the highest version plugin that satisfies the requested constraints, or an error
|
|
// if no such plugin could be found.
|
|
//
|
|
// If there exist plugins in the plugin list that don't have a version, SelectCompatiblePlugin will select them if there
|
|
// are no other compatible plugins available.
|
|
func SelectCompatiblePlugin(
|
|
plugins []PluginInfo, kind PluginKind, name string, requested semver.Range,
|
|
) *PluginInfo {
|
|
logging.V(7).Infof("SelectCompatiblePlugin(..., %s): beginning", name)
|
|
var bestMatch PluginInfo
|
|
var hasMatch bool
|
|
|
|
// Before iterating over the list of plugins, sort the list of plugins by version in ascending order. This ensures
|
|
// that we can do a single pass over the plugin list, from lowest version to greatest version, and be confident that
|
|
// the best match that we find at the end is the greatest possible compatible version for the requested plugin.
|
|
//
|
|
// Plugins without versions are treated as having the lowest version. Ties between plugins without versions are
|
|
// resolved arbitrarily.
|
|
sort.Sort(SortedPluginInfo(plugins))
|
|
for _, plugin := range plugins {
|
|
switch {
|
|
case plugin.Kind != kind || plugin.Name != name:
|
|
// Not the plugin we're looking for.
|
|
case !hasMatch && plugin.Version == nil:
|
|
// This is the plugin we're looking for, but it doesn't have a version. We haven't seen anything better yet,
|
|
// so take it.
|
|
logging.V(7).Infof(
|
|
"SelectCompatiblePlugin(..., %s): best plugin %s: no version and no other candidates",
|
|
name, plugin.String())
|
|
hasMatch = true
|
|
bestMatch = plugin
|
|
case plugin.Version == nil:
|
|
// This is a rare case - we've already seen a version-less plugin and we're seeing another here. Ignore this
|
|
// one and defer to the one we previously selected.
|
|
logging.V(7).Infof("SelectCompatiblePlugin(..., %s): skipping plugin %s: no version", name, plugin.String())
|
|
case requested(*plugin.Version):
|
|
// This plugin is compatible with the requested semver range. Save it as the best match and continue.
|
|
logging.V(7).Infof("SelectCompatiblePlugin(..., %s): best plugin %s: semver match", name, plugin.String())
|
|
hasMatch = true
|
|
bestMatch = plugin
|
|
default:
|
|
logging.V(7).Infof(
|
|
"SelectCompatiblePlugin(..., %s): skipping plugin %s: semver mismatch", name, plugin.String())
|
|
}
|
|
}
|
|
|
|
if !hasMatch {
|
|
return nil
|
|
}
|
|
return &bestMatch
|
|
}
|
|
|
|
// ReadCloserProgressBar displays a progress bar for the given closer and returns a wrapper closer to manipulate it.
|
|
func ReadCloserProgressBar(
|
|
closer io.ReadCloser, size int64, message string, colorization colors.Colorization,
|
|
) io.ReadCloser {
|
|
if size == -1 {
|
|
return closer
|
|
}
|
|
|
|
if !cmdutil.Interactive() {
|
|
return closer
|
|
}
|
|
|
|
// If we know the length of the download, show a progress bar.
|
|
bar := pb.New(int(size))
|
|
bar.Output = os.Stderr
|
|
bar.Prefix(colorization.Colorize(colors.SpecUnimportant + message + ":"))
|
|
bar.Postfix(colorization.Colorize(colors.Reset))
|
|
bar.SetMaxWidth(80)
|
|
bar.SetUnits(pb.U_BYTES)
|
|
bar.Start()
|
|
|
|
return &barCloser{
|
|
bar: bar,
|
|
readCloser: bar.NewProxyReader(closer),
|
|
}
|
|
}
|
|
|
|
// getCandidateExtensions returns a set of file extensions (including the dot seprator) which should be used when
|
|
// probing for an executable file.
|
|
func getCandidateExtensions() []string {
|
|
if runtime.GOOS == windowsGOOS {
|
|
return []string{".exe", ".cmd"}
|
|
}
|
|
|
|
return []string{""}
|
|
}
|
|
|
|
// pluginRegexp matches plugin directory names: pulumi-KIND-NAME-VERSION.
|
|
var pluginRegexp = regexp.MustCompile(
|
|
"^(?P<Kind>[a-z]+)-" + // KIND
|
|
"(?P<Name>[a-zA-Z0-9-]*[a-zA-Z0-9])-" + // NAME
|
|
"v(?P<Version>.*)$") // VERSION
|
|
|
|
// installingPluginRegexp matches the name of temporary folders. Previous versions of Pulumi first extracted
|
|
// plugins to a temporary folder with a suffix of `.tmpXXXXXX` (where `XXXXXX`) is a random number, from
|
|
// os.CreateTemp. We should ignore these folders.
|
|
var installingPluginRegexp = regexp.MustCompile(`\.tmp[0-9]+$`)
|
|
|
|
// tryPlugin returns true if a file is a plugin, and extracts information about it.
|
|
func tryPlugin(file os.DirEntry) (PluginKind, string, semver.Version, bool) {
|
|
// Only directories contain plugins.
|
|
if !file.IsDir() {
|
|
logging.V(11).Infof("skipping file in plugin directory: %s", file.Name())
|
|
return "", "", semver.Version{}, false
|
|
}
|
|
|
|
// Ignore plugins which are being installed
|
|
if installingPluginRegexp.MatchString(file.Name()) {
|
|
logging.V(11).Infof("skipping plugin %s which is being installed", file.Name())
|
|
return "", "", semver.Version{}, false
|
|
}
|
|
|
|
// Filenames must match the plugin regexp.
|
|
match := pluginRegexp.FindStringSubmatch(file.Name())
|
|
if len(match) != len(pluginRegexp.SubexpNames()) {
|
|
logging.V(11).Infof("skipping plugin %s with missing capture groups: expect=%d, actual=%d",
|
|
file.Name(), len(pluginRegexp.SubexpNames()), len(match))
|
|
return "", "", semver.Version{}, false
|
|
}
|
|
var kind PluginKind
|
|
var name string
|
|
var version *semver.Version
|
|
for i, group := range pluginRegexp.SubexpNames() {
|
|
v := match[i]
|
|
switch group {
|
|
case "Kind":
|
|
// Skip invalid kinds.
|
|
if IsPluginKind(v) {
|
|
kind = PluginKind(v)
|
|
} else {
|
|
logging.V(11).Infof("skipping invalid plugin kind: %s", v)
|
|
}
|
|
case "Name":
|
|
name = v
|
|
case "Version":
|
|
// Skip invalid versions.
|
|
ver, err := semver.ParseTolerant(v)
|
|
if err == nil {
|
|
version = &ver
|
|
} else {
|
|
logging.V(11).Infof("skipping invalid plugin version: %s", v)
|
|
}
|
|
}
|
|
}
|
|
|
|
// If anything was missing or invalid, skip this plugin.
|
|
if kind == "" || name == "" || version == nil {
|
|
logging.V(11).Infof("skipping plugin with missing information: kind=%s, name=%s, version=%v",
|
|
kind, name, version)
|
|
return "", "", semver.Version{}, false
|
|
}
|
|
|
|
return kind, name, *version, true
|
|
}
|
|
|
|
// getPluginSize recursively computes how much space is devoted to a given plugin.
|
|
func getPluginSize(path string) (int64, error) {
|
|
file, err := os.Stat(path)
|
|
if err != nil {
|
|
return 0, nil
|
|
}
|
|
|
|
size := int64(0)
|
|
if file.IsDir() {
|
|
subs, err := os.ReadDir(path)
|
|
if err != nil {
|
|
return 0, err
|
|
}
|
|
for _, child := range subs {
|
|
add, err := getPluginSize(filepath.Join(path, child.Name()))
|
|
if err != nil {
|
|
return 0, err
|
|
}
|
|
size += add
|
|
}
|
|
} else {
|
|
size += file.Size()
|
|
}
|
|
return size, nil
|
|
}
|
|
|
|
type barCloser struct {
|
|
bar *pb.ProgressBar
|
|
readCloser io.ReadCloser
|
|
}
|
|
|
|
func (bc *barCloser) Read(dest []byte) (int, error) {
|
|
return bc.readCloser.Read(dest)
|
|
}
|
|
|
|
func (bc *barCloser) Close() error {
|
|
bc.bar.Finish()
|
|
return bc.readCloser.Close()
|
|
}
|