pulumi/sdk/go/common/resource/config/object.go

560 lines
14 KiB
Go

// Copyright 2016-2022, Pulumi Corporation.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package config
import (
"bytes"
"context"
"encoding/json"
"errors"
"fmt"
"time"
"github.com/pulumi/pulumi/sdk/v3/go/common/resource"
"github.com/pulumi/pulumi/sdk/v3/go/common/util/contract"
)
var errSecureReprReserved = errors.New(`maps with the single key "secure" are reserved`)
// object is the internal object representation of a single config value. All operations on Value first decode the
// Value's string representation into its object representation. Secure strings are stored in objects as ciphertext.
type object struct {
value any
secure bool
}
// objectType describes the types of values that may be stored in the value field of an object
type objectType interface {
bool | int64 | float64 | string | []object | map[string]object
}
// newObject creates a new object with the given representation.
func newObject[T objectType](v T) object {
return object{value: v}
}
// newSecureObject creates a new secure object with the given ciphertext.
func newSecureObject(ciphertext string) object {
return object{value: ciphertext, secure: true}
}
// Secure returns true if the receiver is a secure string or a composite value that contains a secure string.
func (c object) Secure() bool {
switch v := c.value.(type) {
case []object:
for _, v := range v {
if v.Secure() {
return true
}
}
return false
case map[string]object:
for _, v := range v {
if v.Secure() {
return true
}
}
return false
case string:
return c.secure
default:
return false
}
}
// Decrypt decrypts any ciphertexts within the object and returns appropriately-shaped Plaintext values.
func (c object) Decrypt(ctx context.Context, decrypter Decrypter) (Plaintext, error) {
return c.decrypt(ctx, nil, decrypter)
}
func (c object) decrypt(ctx context.Context, path resource.PropertyPath, decrypter Decrypter) (Plaintext, error) {
switch v := c.value.(type) {
case bool:
return NewPlaintext(v), nil
case int64:
return NewPlaintext(v), nil
case float64:
return NewPlaintext(v), nil
case string:
if !c.secure {
return NewPlaintext(v), nil
}
plaintext, err := decrypter.DecryptValue(ctx, v)
if err != nil {
return Plaintext{}, fmt.Errorf("%v: %w", path, err)
}
return NewSecurePlaintext(plaintext), nil
case []object:
vs := make([]Plaintext, len(v))
for i, v := range v {
pv, err := v.decrypt(ctx, append(path, i), decrypter)
if err != nil {
return Plaintext{}, err
}
vs[i] = pv
}
return NewPlaintext(vs), nil
case map[string]object:
vs := make(map[string]Plaintext, len(v))
for k, v := range v {
pv, err := v.decrypt(ctx, append(path, k), decrypter)
if err != nil {
return Plaintext{}, err
}
vs[k] = pv
}
return NewPlaintext(vs), nil
case nil:
return Plaintext{}, nil
default:
contract.Failf("unexpected value of type %T", v)
return Plaintext{}, nil
}
}
// Merge merges the receiver onto the given base using JSON merge patch semantics. Merge does not modify the receiver or
// the base.
func (c object) Merge(base object) object {
if co, ok := c.value.(map[string]object); ok {
if bo, ok := base.value.(map[string]object); ok {
mo := make(map[string]object, len(co))
for k, v := range bo {
mo[k] = v
}
for k, v := range co {
mo[k] = v.Merge(mo[k])
}
return newObject(mo)
}
}
return c
}
// Get gets the member value at path. The path to the receiver is prefix.
func (c object) Get(path resource.PropertyPath) (_ object, ok bool, err error) {
if len(path) == 0 {
return c, true, nil
}
switch v := c.value.(type) {
case []object:
index, ok := path[0].(int)
if !ok || index < 0 || index >= len(v) {
return object{}, false, nil
}
elem := v[index]
return elem.Get(path[1:])
case map[string]object:
key, ok := path[0].(string)
if !ok {
return object{}, false, nil
}
elem, ok := v[key]
if !ok {
return object{}, false, nil
}
return elem.Get(path[1:])
default:
return object{}, false, nil
}
}
// Delete deletes the member value at path. The path to the receiver is prefix.
func (c *object) Delete(prefix, path resource.PropertyPath) error {
if len(path) == 0 {
return nil
}
prefix = append(prefix, path[0])
switch v := c.value.(type) {
case []object:
index, ok := path[0].(int)
if !ok || index < 0 || index >= len(v) {
return nil
}
if len(path) == 1 {
c.value = append(v[:index], v[index+1:]...)
return nil
}
elem := &v[index]
return elem.Delete(prefix, path[1:])
case map[string]object:
key, ok := path[0].(string)
if !ok {
return nil
}
// If we're deleting a property from this object, make sure that the result won't be mistaken for a secure
// value when it is encoded. Secure values are encoded as `{"secure": "ciphertext"}`.
if len(path) == 1 {
if len(v) == 2 {
keys := make([]string, 0, 2)
for k := range v {
if k != key {
keys = append(keys, k)
}
}
if len(keys) == 1 && keys[0] == "secure" {
if _, ok := v["secure"].value.(string); ok {
return fmt.Errorf("%v: %w", prefix, errSecureReprReserved)
}
}
}
delete(v, key)
return nil
}
elem, ok := v[key]
if !ok {
return nil
}
err := elem.Delete(prefix, path[1:])
v[key] = elem
return err
default:
return nil
}
}
func newContainer(accessor any) any {
switch accessor := accessor.(type) {
case int:
return make([]object, accessor+1)
case string:
return make(map[string]object)
default:
contract.Failf("unexpected accessor kind %T", accessor)
return nil
}
}
// Set sets the member value at path to new. The path to the receiver is prefix.
func (c *object) Set(prefix, path resource.PropertyPath, new object) error {
if len(path) == 0 {
*c = new
return nil
}
// Check the type of the receiver and create a new container if allowed.
switch c.value.(type) {
case []object, map[string]object:
// OK
case nil:
// This value is nil. Create a new container ny inferring the container type (i.e. array or object) from the
// accessor at the head of the path.
c.value = newContainer(path[0])
default:
// COMPAT: If this is the first level, we create a new container and overwrite the old value rather than issuing
// a type error.
if len(prefix) == 1 {
c.value, c.secure = newContainer(path[0]), false
} else {
switch path[0].(type) {
case int:
return fmt.Errorf("%v: expected an array", prefix)
case string:
return fmt.Errorf("%v: expected a map", prefix)
default:
contract.Failf("unreachable")
return nil
}
}
}
prefix = append(prefix, path[0])
switch v := c.value.(type) {
case []object:
index, ok := path[0].(int)
if !ok {
return fmt.Errorf("%v: key for an array must be an int", prefix)
}
if index < 0 || index > len(v) {
return fmt.Errorf("%v: array index out of range", prefix)
}
if index == len(v) {
v = append(v, object{})
c.value = v
}
elem := &v[index]
return elem.Set(prefix, path[1:], new)
case map[string]object:
key, ok := path[0].(string)
if !ok {
return fmt.Errorf("%v: key for a map must be a string", prefix)
}
// If we're adding a property tothis object, make sure that the result won't be mistaken for a secure
// value when it is encoded. Secure values are encoded as `{"secure": "ciphertext"}`.
if len(path) == 1 && len(v) == 0 && key == "secure" {
if _, ok := new.value.(string); ok {
return errSecureReprReserved
}
}
elem := v[key]
err := elem.Set(prefix, path[1:], new)
v[key] = elem
return err
default:
contract.Failf("unreachable")
return nil
}
}
// SecureValues returns the plaintext values for any secure strings contained in the receiver.
func (c object) SecureValues(dec Decrypter) ([]string, error) {
switch v := c.value.(type) {
case []object:
var values []string
for _, v := range v {
vs, err := v.SecureValues(dec)
if err != nil {
return nil, err
}
values = append(values, vs...)
}
return values, nil
case map[string]object:
var values []string
for _, v := range v {
vs, err := v.SecureValues(dec)
if err != nil {
return nil, err
}
values = append(values, vs...)
}
return values, nil
case string:
if c.secure {
plaintext, err := dec.DecryptValue(context.TODO(), v)
if err != nil {
return nil, err
}
return []string{plaintext}, nil
}
return nil, nil
default:
return nil, nil
}
}
// marshalValue converts the receiver into a Value.
func (c object) marshalValue() (v Value, err error) {
v.value, v.secure, v.object, err = c.MarshalString()
return
}
// marshalObjectValue converts the receiver into a shape that is compatible with Value.ToObject().
func (c object) marshalObjectValue(root bool) any {
switch v := c.value.(type) {
case []object:
vs := make([]any, len(v))
for i, v := range v {
vs[i] = v.marshalObjectValue(false)
}
return vs
case map[string]object:
vs := make(map[string]any, len(v))
for k, v := range v {
vs[k] = v.marshalObjectValue(false)
}
return vs
case string:
if !root && c.secure {
return map[string]any{"secure": c.value}
}
return c.value
default:
return c.value
}
}
// MarshalString returns the receiver's string representation. The string representation is accompanied by bools that
// indicate whether the receiver is secure and whether it is an object.
func (c object) MarshalString() (text string, secure, object bool, err error) {
switch v := c.value.(type) {
case bool, int64, float64:
bytes, err := c.MarshalJSON()
return string(bytes), false, false, err
case string:
return v, c.secure, false, nil
default:
bytes, err := c.MarshalJSON()
if err != nil {
return "", false, false, err
}
return string(bytes), c.Secure(), true, nil
}
}
// UnmarshalString unmarshals the string representation accompanied by secure and object metadata into the receiver.
func (c *object) UnmarshalString(text string, secure, object bool) error {
if !object {
c.value, c.secure = text, secure
return nil
}
return c.UnmarshalJSON([]byte(text))
}
func (c object) MarshalJSON() ([]byte, error) {
return json.Marshal(c.marshalObject())
}
func (c *object) UnmarshalJSON(b []byte) error {
dec := json.NewDecoder(bytes.NewReader(b))
dec.UseNumber()
var v any
err := dec.Decode(&v)
if err != nil {
return err
}
*c, err = unmarshalObject(v)
return err
}
func (c object) MarshalYAML() (any, error) {
return c.marshalObject(), nil
}
func (c *object) UnmarshalYAML(unmarshal func(any) error) error {
var v any
err := unmarshal(&v)
if err != nil {
return err
}
*c, err = unmarshalObject(v)
return err
}
// unmarshalObject unmarshals a raw JSON or YAML value into an object. json.Number values are converted to int64 if
// possible and float64 otherwise.
func unmarshalObject(v any) (object, error) {
switch v := v.(type) {
case bool:
return newObject(v), nil
case json.Number:
if i, err := v.Int64(); err == nil {
return newObject(i), nil
}
f, err := v.Float64()
if err == nil {
return newObject(f), nil
}
return object{}, fmt.Errorf("unrepresentable number %v: %w", v, err)
case int:
return newObject(int64(v)), nil
case int64:
return newObject(v), nil
case float64:
return newObject(v), nil
case string:
return newObject(v), nil
case time.Time:
return newObject(v.String()), nil
case map[string]any:
if ok, ciphertext := isSecureValue(v); ok {
return newSecureObject(ciphertext), nil
}
m := make(map[string]object, len(v))
for k, v := range v {
sv, err := unmarshalObject(v)
if err != nil {
return object{}, err
}
m[k] = sv
}
return newObject(m), nil
case map[any]any:
m := make(map[string]any, len(v))
for k, v := range v {
m[fmt.Sprintf("%v", k)] = v
}
return unmarshalObject(m)
case []any:
a := make([]object, len(v))
for i, v := range v {
sv, err := unmarshalObject(v)
if err != nil {
return object{}, err
}
a[i] = sv
}
return newObject(a), nil
case nil:
return object{}, nil
default:
contract.Failf("unexpected wire type %T", v)
return object{}, nil
}
}
// marshalObject returns the value that should be passed to the JSON or YAML packages when marshaling the receiver.
func (c object) marshalObject() any {
if str, ok := c.value.(string); ok && c.secure {
type secureValue struct {
Secure string `json:"secure" yaml:"secure"`
}
return secureValue{Secure: str}
}
return c.value
}
// isSecureValue returns true if the object is a `map[string]any` of length one with a "secure" property of type string.
func isSecureValue(v any) (bool, string) {
if m, isMap := v.(map[string]any); isMap && len(m) == 1 {
if val, hasSecureKey := m["secure"]; hasSecureKey {
if valString, isString := val.(string); isString {
return true, valString
}
}
}
return false, ""
}
func (c object) toDecryptedPropertyValue(decrypter Decrypter) resource.PropertyValue {
var prop resource.PropertyValue
switch v := c.value.(type) {
case bool, int64, float64, string:
if c.secure {
plaintext, err := decrypter.DecryptValue(context.Background(), v.(string))
contract.AssertNoErrorf(err, "failed to decrypt config")
prop = resource.NewPropertyValue(plaintext)
} else {
prop = resource.NewPropertyValue(v)
}
case []object:
var values []resource.PropertyValue
for _, v := range v {
values = append(values, v.toDecryptedPropertyValue(decrypter))
}
prop = resource.NewArrayProperty(values)
case map[string]object:
values := make(resource.PropertyMap)
for k, v := range v {
values[resource.PropertyKey(k)] = v.toDecryptedPropertyValue(decrypter)
}
prop = resource.NewObjectProperty(values)
case nil:
prop = resource.NewNullProperty()
default:
contract.Failf("unexpected value type %T", v)
}
if c.secure {
prop = resource.MakeSecret(prop)
}
return prop
}