Remove unneeded deps

parent 097f300a
...@@ -135,10 +135,6 @@ ...@@ -135,10 +135,6 @@
"Rev": "5bd2802263f21d8788851d5305584c82a5c75d7e" "Rev": "5bd2802263f21d8788851d5305584c82a5c75d7e"
}, },
{ {
"ImportPath": "github.com/abbot/go-http-auth",
"Rev": "c0ef4539dfab4d21c8ef20ba2924f9fc6f186d35"
},
{
"ImportPath": "github.com/armon/circbuf", "ImportPath": "github.com/armon/circbuf",
"Rev": "bbbad097214e2918d8543d5201d12bfd7bca254d" "Rev": "bbbad097214e2918d8543d5201d12bfd7bca254d"
}, },
...@@ -1527,11 +1523,6 @@ ...@@ -1527,11 +1523,6 @@
"Rev": "de723a090f4dd5390dc7c2acee37ba9c62f0cc09" "Rev": "de723a090f4dd5390dc7c2acee37ba9c62f0cc09"
}, },
{ {
"ImportPath": "github.com/google/cadvisor/api",
"Comment": "v0.30.2",
"Rev": "de723a090f4dd5390dc7c2acee37ba9c62f0cc09"
},
{
"ImportPath": "github.com/google/cadvisor/cache/memory", "ImportPath": "github.com/google/cadvisor/cache/memory",
"Comment": "v0.30.2", "Comment": "v0.30.2",
"Rev": "de723a090f4dd5390dc7c2acee37ba9c62f0cc09" "Rev": "de723a090f4dd5390dc7c2acee37ba9c62f0cc09"
...@@ -1607,21 +1598,6 @@ ...@@ -1607,21 +1598,6 @@
"Rev": "de723a090f4dd5390dc7c2acee37ba9c62f0cc09" "Rev": "de723a090f4dd5390dc7c2acee37ba9c62f0cc09"
}, },
{ {
"ImportPath": "github.com/google/cadvisor/healthz",
"Comment": "v0.30.2",
"Rev": "de723a090f4dd5390dc7c2acee37ba9c62f0cc09"
},
{
"ImportPath": "github.com/google/cadvisor/http",
"Comment": "v0.30.2",
"Rev": "de723a090f4dd5390dc7c2acee37ba9c62f0cc09"
},
{
"ImportPath": "github.com/google/cadvisor/http/mux",
"Comment": "v0.30.2",
"Rev": "de723a090f4dd5390dc7c2acee37ba9c62f0cc09"
},
{
"ImportPath": "github.com/google/cadvisor/info/v1", "ImportPath": "github.com/google/cadvisor/info/v1",
"Comment": "v0.30.2", "Comment": "v0.30.2",
"Rev": "de723a090f4dd5390dc7c2acee37ba9c62f0cc09" "Rev": "de723a090f4dd5390dc7c2acee37ba9c62f0cc09"
...@@ -1662,16 +1638,6 @@ ...@@ -1662,16 +1638,6 @@
"Rev": "de723a090f4dd5390dc7c2acee37ba9c62f0cc09" "Rev": "de723a090f4dd5390dc7c2acee37ba9c62f0cc09"
}, },
{ {
"ImportPath": "github.com/google/cadvisor/pages",
"Comment": "v0.30.2",
"Rev": "de723a090f4dd5390dc7c2acee37ba9c62f0cc09"
},
{
"ImportPath": "github.com/google/cadvisor/pages/static",
"Comment": "v0.30.2",
"Rev": "de723a090f4dd5390dc7c2acee37ba9c62f0cc09"
},
{
"ImportPath": "github.com/google/cadvisor/storage", "ImportPath": "github.com/google/cadvisor/storage",
"Comment": "v0.30.2", "Comment": "v0.30.2",
"Rev": "de723a090f4dd5390dc7c2acee37ba9c62f0cc09" "Rev": "de723a090f4dd5390dc7c2acee37ba9c62f0cc09"
...@@ -1722,11 +1688,6 @@ ...@@ -1722,11 +1688,6 @@
"Rev": "de723a090f4dd5390dc7c2acee37ba9c62f0cc09" "Rev": "de723a090f4dd5390dc7c2acee37ba9c62f0cc09"
}, },
{ {
"ImportPath": "github.com/google/cadvisor/validate",
"Comment": "v0.30.2",
"Rev": "de723a090f4dd5390dc7c2acee37ba9c62f0cc09"
},
{
"ImportPath": "github.com/google/cadvisor/version", "ImportPath": "github.com/google/cadvisor/version",
"Comment": "v0.30.2", "Comment": "v0.30.2",
"Rev": "de723a090f4dd5390dc7c2acee37ba9c62f0cc09" "Rev": "de723a090f4dd5390dc7c2acee37ba9c62f0cc09"
...@@ -1738,34 +1699,42 @@ ...@@ -1738,34 +1699,42 @@
}, },
{ {
"ImportPath": "github.com/google/certificate-transparency-go", "ImportPath": "github.com/google/certificate-transparency-go",
"Comment": "v1.0.10",
"Rev": "1bec4527572c443752ad4f2830bef88be0533236" "Rev": "1bec4527572c443752ad4f2830bef88be0533236"
}, },
{ {
"ImportPath": "github.com/google/certificate-transparency-go/asn1", "ImportPath": "github.com/google/certificate-transparency-go/asn1",
"Comment": "v1.0.10",
"Rev": "1bec4527572c443752ad4f2830bef88be0533236" "Rev": "1bec4527572c443752ad4f2830bef88be0533236"
}, },
{ {
"ImportPath": "github.com/google/certificate-transparency-go/client", "ImportPath": "github.com/google/certificate-transparency-go/client",
"Comment": "v1.0.10",
"Rev": "1bec4527572c443752ad4f2830bef88be0533236" "Rev": "1bec4527572c443752ad4f2830bef88be0533236"
}, },
{ {
"ImportPath": "github.com/google/certificate-transparency-go/client/configpb", "ImportPath": "github.com/google/certificate-transparency-go/client/configpb",
"Comment": "v1.0.10",
"Rev": "1bec4527572c443752ad4f2830bef88be0533236" "Rev": "1bec4527572c443752ad4f2830bef88be0533236"
}, },
{ {
"ImportPath": "github.com/google/certificate-transparency-go/jsonclient", "ImportPath": "github.com/google/certificate-transparency-go/jsonclient",
"Comment": "v1.0.10",
"Rev": "1bec4527572c443752ad4f2830bef88be0533236" "Rev": "1bec4527572c443752ad4f2830bef88be0533236"
}, },
{ {
"ImportPath": "github.com/google/certificate-transparency-go/tls", "ImportPath": "github.com/google/certificate-transparency-go/tls",
"Comment": "v1.0.10",
"Rev": "1bec4527572c443752ad4f2830bef88be0533236" "Rev": "1bec4527572c443752ad4f2830bef88be0533236"
}, },
{ {
"ImportPath": "github.com/google/certificate-transparency-go/x509", "ImportPath": "github.com/google/certificate-transparency-go/x509",
"Comment": "v1.0.10",
"Rev": "1bec4527572c443752ad4f2830bef88be0533236" "Rev": "1bec4527572c443752ad4f2830bef88be0533236"
}, },
{ {
"ImportPath": "github.com/google/certificate-transparency-go/x509/pkix", "ImportPath": "github.com/google/certificate-transparency-go/x509/pkix",
"Comment": "v1.0.10",
"Rev": "1bec4527572c443752ad4f2830bef88be0533236" "Rev": "1bec4527572c443752ad4f2830bef88be0533236"
}, },
{ {
...@@ -2007,6 +1976,7 @@ ...@@ -2007,6 +1976,7 @@
}, },
{ {
"ImportPath": "github.com/inconshreveable/mousetrap", "ImportPath": "github.com/inconshreveable/mousetrap",
"Comment": "v1.0",
"Rev": "76626ae9c91c4f2a10f34cad8ce83ea42c93bb75" "Rev": "76626ae9c91c4f2a10f34cad8ce83ea42c93bb75"
}, },
{ {
...@@ -2562,6 +2532,7 @@ ...@@ -2562,6 +2532,7 @@
}, },
{ {
"ImportPath": "github.com/quobyte/api", "ImportPath": "github.com/quobyte/api",
"Comment": "v0.1.1-4-g206ef83",
"Rev": "206ef832283c1a0144bbc762be2634d49987b5ff" "Rev": "206ef832283c1a0144bbc762be2634d49987b5ff"
}, },
{ {
...@@ -2876,6 +2847,7 @@ ...@@ -2876,6 +2847,7 @@
}, },
{ {
"ImportPath": "github.com/xiang90/probing", "ImportPath": "github.com/xiang90/probing",
"Comment": "0.0.1",
"Rev": "07dd2e8dfe18522e9c447ba95f2fe95262f63bb2" "Rev": "07dd2e8dfe18522e9c447ba95f2fe95262f63bb2"
}, },
{ {
......
This source diff could not be displayed because it is too large. You can view the blob instead.
...@@ -31,7 +31,6 @@ filegroup( ...@@ -31,7 +31,6 @@ filegroup(
"//vendor/github.com/Nvveen/Gotty:all-srcs", "//vendor/github.com/Nvveen/Gotty:all-srcs",
"//vendor/github.com/PuerkitoBio/purell:all-srcs", "//vendor/github.com/PuerkitoBio/purell:all-srcs",
"//vendor/github.com/PuerkitoBio/urlesc:all-srcs", "//vendor/github.com/PuerkitoBio/urlesc:all-srcs",
"//vendor/github.com/abbot/go-http-auth:all-srcs",
"//vendor/github.com/armon/circbuf:all-srcs", "//vendor/github.com/armon/circbuf:all-srcs",
"//vendor/github.com/asaskevich/govalidator:all-srcs", "//vendor/github.com/asaskevich/govalidator:all-srcs",
"//vendor/github.com/aws/aws-sdk-go/aws:all-srcs", "//vendor/github.com/aws/aws-sdk-go/aws:all-srcs",
...@@ -228,7 +227,6 @@ filegroup( ...@@ -228,7 +227,6 @@ filegroup(
"//vendor/github.com/golang/protobuf/ptypes:all-srcs", "//vendor/github.com/golang/protobuf/ptypes:all-srcs",
"//vendor/github.com/google/btree:all-srcs", "//vendor/github.com/google/btree:all-srcs",
"//vendor/github.com/google/cadvisor/accelerators:all-srcs", "//vendor/github.com/google/cadvisor/accelerators:all-srcs",
"//vendor/github.com/google/cadvisor/api:all-srcs",
"//vendor/github.com/google/cadvisor/cache/memory:all-srcs", "//vendor/github.com/google/cadvisor/cache/memory:all-srcs",
"//vendor/github.com/google/cadvisor/client/v2:all-srcs", "//vendor/github.com/google/cadvisor/client/v2:all-srcs",
"//vendor/github.com/google/cadvisor/collector:all-srcs", "//vendor/github.com/google/cadvisor/collector:all-srcs",
...@@ -236,18 +234,14 @@ filegroup( ...@@ -236,18 +234,14 @@ filegroup(
"//vendor/github.com/google/cadvisor/devicemapper:all-srcs", "//vendor/github.com/google/cadvisor/devicemapper:all-srcs",
"//vendor/github.com/google/cadvisor/events:all-srcs", "//vendor/github.com/google/cadvisor/events:all-srcs",
"//vendor/github.com/google/cadvisor/fs:all-srcs", "//vendor/github.com/google/cadvisor/fs:all-srcs",
"//vendor/github.com/google/cadvisor/healthz:all-srcs",
"//vendor/github.com/google/cadvisor/http:all-srcs",
"//vendor/github.com/google/cadvisor/info/v1:all-srcs", "//vendor/github.com/google/cadvisor/info/v1:all-srcs",
"//vendor/github.com/google/cadvisor/info/v2:all-srcs", "//vendor/github.com/google/cadvisor/info/v2:all-srcs",
"//vendor/github.com/google/cadvisor/machine:all-srcs", "//vendor/github.com/google/cadvisor/machine:all-srcs",
"//vendor/github.com/google/cadvisor/manager:all-srcs", "//vendor/github.com/google/cadvisor/manager:all-srcs",
"//vendor/github.com/google/cadvisor/metrics:all-srcs", "//vendor/github.com/google/cadvisor/metrics:all-srcs",
"//vendor/github.com/google/cadvisor/pages:all-srcs",
"//vendor/github.com/google/cadvisor/storage:all-srcs", "//vendor/github.com/google/cadvisor/storage:all-srcs",
"//vendor/github.com/google/cadvisor/summary:all-srcs", "//vendor/github.com/google/cadvisor/summary:all-srcs",
"//vendor/github.com/google/cadvisor/utils:all-srcs", "//vendor/github.com/google/cadvisor/utils:all-srcs",
"//vendor/github.com/google/cadvisor/validate:all-srcs",
"//vendor/github.com/google/cadvisor/version:all-srcs", "//vendor/github.com/google/cadvisor/version:all-srcs",
"//vendor/github.com/google/cadvisor/zfs:all-srcs", "//vendor/github.com/google/cadvisor/zfs:all-srcs",
"//vendor/github.com/google/certificate-transparency-go:all-srcs", "//vendor/github.com/google/certificate-transparency-go:all-srcs",
......
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = [
"auth.go",
"basic.go",
"digest.go",
"md5crypt.go",
"misc.go",
"users.go",
],
importmap = "k8s.io/kubernetes/vendor/github.com/abbot/go-http-auth",
importpath = "github.com/abbot/go-http-auth",
visibility = ["//visibility:public"],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
visibility = ["//visibility:public"],
)
include $(GOROOT)/src/Make.inc
TARG=auth_digest
GOFILES=\
auth.go\
digest.go\
basic.go\
misc.go\
md5crypt.go\
users.go\
include $(GOROOT)/src/Make.pkg
HTTP Authentication implementation in Go
========================================
This is an implementation of HTTP Basic and HTTP Digest authentication
in Go language. It is designed as a simple wrapper for
http.RequestHandler functions.
Features
--------
* Supports HTTP Basic and HTTP Digest authentication.
* Supports htpasswd and htdigest formatted files.
* Automatic reloading of password files.
* Pluggable interface for user/password storage.
* Supports MD5 and SHA1 for Basic authentication password storage.
* Configurable Digest nonce cache size with expiration.
* Wrapper for legacy http handlers (http.HandlerFunc interface)
Example usage
-------------
This is a complete working example for Basic auth:
package main
import (
auth "github.com/abbot/go-http-auth"
"fmt"
"net/http"
)
func Secret(user, realm string) string {
if user == "john" {
// password is "hello"
return "$1$dlPL2MqE$oQmn16q49SqdmhenQuNgs1"
}
return ""
}
func handle(w http.ResponseWriter, r *auth.AuthenticatedRequest) {
fmt.Fprintf(w, "<html><body><h1>Hello, %s!</h1></body></html>", r.Username)
}
func main() {
authenticator := auth.NewBasicAuthenticator("example.com", Secret)
http.HandleFunc("/", authenticator.Wrap(handle))
http.ListenAndServe(":8080", nil)
}
See more examples in the "examples" directory.
Legal
-----
This module is developed under Apache 2.0 license, and can be used for
open and proprietary projects.
Copyright 2012-2013 Lev Shamardin
Licensed under the Apache License, Version 2.0 (the "License"); you
may not use this file or any other part of this project except in
compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied. See the License for the specific language governing
permissions and limitations under the License.
package auth
import "net/http"
/*
Request handlers must take AuthenticatedRequest instead of http.Request
*/
type AuthenticatedRequest struct {
http.Request
/*
Authenticated user name. Current API implies that Username is
never empty, which means that authentication is always done
before calling the request handler.
*/
Username string
}
/*
AuthenticatedHandlerFunc is like http.HandlerFunc, but takes
AuthenticatedRequest instead of http.Request
*/
type AuthenticatedHandlerFunc func(http.ResponseWriter, *AuthenticatedRequest)
/*
Authenticator wraps an AuthenticatedHandlerFunc with
authentication-checking code.
Typical Authenticator usage is something like:
authenticator := SomeAuthenticator(...)
http.HandleFunc("/", authenticator(my_handler))
Authenticator wrapper checks the user authentication and calls the
wrapped function only after authentication has succeeded. Otherwise,
it returns a handler which initiates the authentication procedure.
*/
type Authenticator func(AuthenticatedHandlerFunc) http.HandlerFunc
type AuthenticatorInterface interface {
Wrap(AuthenticatedHandlerFunc) http.HandlerFunc
}
func JustCheck(auth AuthenticatorInterface, wrapped http.HandlerFunc) http.HandlerFunc {
return auth.Wrap(func(w http.ResponseWriter, ar *AuthenticatedRequest) {
ar.Header.Set("X-Authenticated-Username", ar.Username)
wrapped(w, &ar.Request)
})
}
package auth
import (
"crypto/sha1"
"encoding/base64"
"net/http"
"strings"
)
type BasicAuth struct {
Realm string
Secrets SecretProvider
}
/*
Checks the username/password combination from the request. Returns
either an empty string (authentication failed) or the name of the
authenticated user.
Supports MD5 and SHA1 password entries
*/
func (a *BasicAuth) CheckAuth(r *http.Request) string {
s := strings.SplitN(r.Header.Get("Authorization"), " ", 2)
if len(s) != 2 || s[0] != "Basic" {
return ""
}
b, err := base64.StdEncoding.DecodeString(s[1])
if err != nil {
return ""
}
pair := strings.SplitN(string(b), ":", 2)
if len(pair) != 2 {
return ""
}
passwd := a.Secrets(pair[0], a.Realm)
if passwd == "" {
return ""
}
if strings.HasPrefix(passwd, "{SHA}") {
d := sha1.New()
d.Write([]byte(pair[1]))
if passwd[5:] != base64.StdEncoding.EncodeToString(d.Sum(nil)) {
return ""
}
} else {
e := NewMD5Entry(passwd)
if e == nil {
return ""
}
if passwd != string(MD5Crypt([]byte(pair[1]), e.Salt, e.Magic)) {
return ""
}
}
return pair[0]
}
/*
http.Handler for BasicAuth which initiates the authentication process
(or requires reauthentication).
*/
func (a *BasicAuth) RequireAuth(w http.ResponseWriter, r *http.Request) {
w.Header().Set("WWW-Authenticate", `Basic realm="`+a.Realm+`"`)
w.WriteHeader(401)
w.Write([]byte("401 Unauthorized\n"))
}
/*
BasicAuthenticator returns a function, which wraps an
AuthenticatedHandlerFunc converting it to http.HandlerFunc. This
wrapper function checks the authentication and either sends back
required authentication headers, or calls the wrapped function with
authenticated username in the AuthenticatedRequest.
*/
func (a *BasicAuth) Wrap(wrapped AuthenticatedHandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
if username := a.CheckAuth(r); username == "" {
a.RequireAuth(w, r)
} else {
ar := &AuthenticatedRequest{Request: *r, Username: username}
wrapped(w, ar)
}
}
}
func NewBasicAuthenticator(realm string, secrets SecretProvider) *BasicAuth {
return &BasicAuth{Realm: realm, Secrets: secrets}
}
package auth
import (
"fmt"
"net/http"
"net/url"
"sort"
"strconv"
"strings"
"sync"
"time"
)
type digest_client struct {
nc uint64
last_seen int64
}
type DigestAuth struct {
Realm string
Opaque string
Secrets SecretProvider
PlainTextSecrets bool
/*
Approximate size of Client's Cache. When actual number of
tracked client nonces exceeds
ClientCacheSize+ClientCacheTolerance, ClientCacheTolerance*2
older entries are purged.
*/
ClientCacheSize int
ClientCacheTolerance int
clients map[string]*digest_client
mutex sync.Mutex
}
type digest_cache_entry struct {
nonce string
last_seen int64
}
type digest_cache []digest_cache_entry
func (c digest_cache) Less(i, j int) bool {
return c[i].last_seen < c[j].last_seen
}
func (c digest_cache) Len() int {
return len(c)
}
func (c digest_cache) Swap(i, j int) {
c[i], c[j] = c[j], c[i]
}
/*
Remove count oldest entries from DigestAuth.clients
*/
func (a *DigestAuth) Purge(count int) {
entries := make([]digest_cache_entry, 0, len(a.clients))
for nonce, client := range a.clients {
entries = append(entries, digest_cache_entry{nonce, client.last_seen})
}
cache := digest_cache(entries)
sort.Sort(cache)
for _, client := range cache[:count] {
delete(a.clients, client.nonce)
}
}
/*
http.Handler for DigestAuth which initiates the authentication process
(or requires reauthentication).
*/
func (a *DigestAuth) RequireAuth(w http.ResponseWriter, r *http.Request) {
if len(a.clients) > a.ClientCacheSize+a.ClientCacheTolerance {
a.Purge(a.ClientCacheTolerance * 2)
}
nonce := RandomKey()
a.clients[nonce] = &digest_client{nc: 0, last_seen: time.Now().UnixNano()}
w.Header().Set("WWW-Authenticate",
fmt.Sprintf(`Digest realm="%s", nonce="%s", opaque="%s", algorithm="MD5", qop="auth"`,
a.Realm, nonce, a.Opaque))
w.WriteHeader(401)
w.Write([]byte("401 Unauthorized\n"))
}
/*
Parse Authorization header from the http.Request. Returns a map of
auth parameters or nil if the header is not a valid parsable Digest
auth header.
*/
func DigestAuthParams(r *http.Request) map[string]string {
s := strings.SplitN(r.Header.Get("Authorization"), " ", 2)
if len(s) != 2 || s[0] != "Digest" {
return nil
}
result := map[string]string{}
for _, kv := range strings.Split(s[1], ",") {
parts := strings.SplitN(kv, "=", 2)
if len(parts) != 2 {
continue
}
result[strings.Trim(parts[0], "\" ")] = strings.Trim(parts[1], "\" ")
}
return result
}
/*
Check if request contains valid authentication data. Returns a pair
of username, authinfo where username is the name of the authenticated
user or an empty string and authinfo is the contents for the optional
Authentication-Info response header.
*/
func (da *DigestAuth) CheckAuth(r *http.Request) (username string, authinfo *string) {
da.mutex.Lock()
defer da.mutex.Unlock()
username = ""
authinfo = nil
auth := DigestAuthParams(r)
if auth == nil || da.Opaque != auth["opaque"] || auth["algorithm"] != "MD5" || auth["qop"] != "auth" {
return
}
// Check if the requested URI matches auth header
switch u, err := url.Parse(auth["uri"]); {
case err != nil:
return
case r.URL == nil:
return
case len(u.Path) > len(r.URL.Path):
return
case !strings.HasPrefix(r.URL.Path, u.Path):
return
}
HA1 := da.Secrets(auth["username"], da.Realm)
if da.PlainTextSecrets {
HA1 = H(auth["username"] + ":" + da.Realm + ":" + HA1)
}
HA2 := H(r.Method + ":" + auth["uri"])
KD := H(strings.Join([]string{HA1, auth["nonce"], auth["nc"], auth["cnonce"], auth["qop"], HA2}, ":"))
if KD != auth["response"] {
return
}
// At this point crypto checks are completed and validated.
// Now check if the session is valid.
nc, err := strconv.ParseUint(auth["nc"], 16, 64)
if err != nil {
return
}
if client, ok := da.clients[auth["nonce"]]; !ok {
return
} else {
if client.nc != 0 && client.nc >= nc {
return
}
client.nc = nc
client.last_seen = time.Now().UnixNano()
}
resp_HA2 := H(":" + auth["uri"])
rspauth := H(strings.Join([]string{HA1, auth["nonce"], auth["nc"], auth["cnonce"], auth["qop"], resp_HA2}, ":"))
info := fmt.Sprintf(`qop="auth", rspauth="%s", cnonce="%s", nc="%s"`, rspauth, auth["cnonce"], auth["nc"])
return auth["username"], &info
}
/*
Default values for ClientCacheSize and ClientCacheTolerance for DigestAuth
*/
const DefaultClientCacheSize = 1000
const DefaultClientCacheTolerance = 100
/*
Wrap returns an Authenticator which uses HTTP Digest
authentication. Arguments:
realm: The authentication realm.
secrets: SecretProvider which must return HA1 digests for the same
realm as above.
*/
func (a *DigestAuth) Wrap(wrapped AuthenticatedHandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
if username, authinfo := a.CheckAuth(r); username == "" {
a.RequireAuth(w, r)
} else {
ar := &AuthenticatedRequest{Request: *r, Username: username}
if authinfo != nil {
w.Header().Set("Authentication-Info", *authinfo)
}
wrapped(w, ar)
}
}
}
/*
JustCheck returns function which converts an http.HandlerFunc into a
http.HandlerFunc which requires authentication. Username is passed as
an extra X-Authenticated-Username header.
*/
func (a *DigestAuth) JustCheck(wrapped http.HandlerFunc) http.HandlerFunc {
return a.Wrap(func(w http.ResponseWriter, ar *AuthenticatedRequest) {
ar.Header.Set("X-Authenticated-Username", ar.Username)
wrapped(w, &ar.Request)
})
}
func NewDigestAuthenticator(realm string, secrets SecretProvider) *DigestAuth {
da := &DigestAuth{
Opaque: RandomKey(),
Realm: realm,
Secrets: secrets,
PlainTextSecrets: false,
ClientCacheSize: DefaultClientCacheSize,
ClientCacheTolerance: DefaultClientCacheTolerance,
clients: map[string]*digest_client{}}
return da
}
package auth
import "crypto/md5"
import "strings"
const itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
var md5_crypt_swaps = [16]int{12, 6, 0, 13, 7, 1, 14, 8, 2, 15, 9, 3, 5, 10, 4, 11}
type MD5Entry struct {
Magic, Salt, Hash []byte
}
func NewMD5Entry(e string) *MD5Entry {
parts := strings.SplitN(e, "$", 4)
if len(parts) != 4 {
return nil
}
return &MD5Entry{
Magic: []byte("$" + parts[1] + "$"),
Salt: []byte(parts[2]),
Hash: []byte(parts[3]),
}
}
/*
MD5 password crypt implementation
*/
func MD5Crypt(password, salt, magic []byte) []byte {
d := md5.New()
d.Write(password)
d.Write(magic)
d.Write(salt)
d2 := md5.New()
d2.Write(password)
d2.Write(salt)
d2.Write(password)
for i, mixin := 0, d2.Sum(nil); i < len(password); i++ {
d.Write([]byte{mixin[i%16]})
}
for i := len(password); i != 0; i >>= 1 {
if i&1 == 0 {
d.Write([]byte{password[0]})
} else {
d.Write([]byte{0})
}
}
final := d.Sum(nil)
for i := 0; i < 1000; i++ {
d2 := md5.New()
if i&1 == 0 {
d2.Write(final)
} else {
d2.Write(password)
}
if i%3 != 0 {
d2.Write(salt)
}
if i%7 != 0 {
d2.Write(password)
}
if i&1 == 0 {
d2.Write(password)
} else {
d2.Write(final)
}
final = d2.Sum(nil)
}
result := make([]byte, 0, 22)
v := uint(0)
bits := uint(0)
for _, i := range md5_crypt_swaps {
v |= (uint(final[i]) << bits)
for bits = bits + 8; bits > 6; bits -= 6 {
result = append(result, itoa64[v&0x3f])
v >>= 6
}
}
result = append(result, itoa64[v&0x3f])
return append(append(append(magic, salt...), '$'), result...)
}
package auth
import "encoding/base64"
import "crypto/md5"
import "crypto/rand"
import "fmt"
/*
Return a random 16-byte base64 alphabet string
*/
func RandomKey() string {
k := make([]byte, 12)
for bytes := 0; bytes < len(k); {
n, err := rand.Read(k[bytes:])
if err != nil {
panic("rand.Read() failed")
}
bytes += n
}
return base64.StdEncoding.EncodeToString(k)
}
/*
H function for MD5 algorithm (returns a lower-case hex MD5 digest)
*/
func H(data string) string {
digest := md5.New()
digest.Write([]byte(data))
return fmt.Sprintf("%x", digest.Sum(nil))
}
test:example.com:aa78524fceb0e50fd8ca96dd818b8cf9
test:{SHA}qvTGHdzF6KLavt4PO0gs2a6pQ00=
test2:$apr1$a0j62R97$mYqFkloXH0/UOaUnAiV2b0
package auth
import "encoding/csv"
import "os"
/*
SecretProvider is used by authenticators. Takes user name and realm
as an argument, returns secret required for authentication (HA1 for
digest authentication, properly encrypted password for basic).
*/
type SecretProvider func(user, realm string) string
/*
Common functions for file auto-reloading
*/
type File struct {
Path string
Info os.FileInfo
/* must be set in inherited types during initialization */
Reload func()
}
func (f *File) ReloadIfNeeded() {
info, err := os.Stat(f.Path)
if err != nil {
panic(err)
}
if f.Info == nil || f.Info.ModTime() != info.ModTime() {
f.Info = info
f.Reload()
}
}
/*
Structure used for htdigest file authentication. Users map realms to
maps of users to their HA1 digests.
*/
type HtdigestFile struct {
File
Users map[string]map[string]string
}
func reload_htdigest(hf *HtdigestFile) {
r, err := os.Open(hf.Path)
if err != nil {
panic(err)
}
csv_reader := csv.NewReader(r)
csv_reader.Comma = ':'
csv_reader.Comment = '#'
csv_reader.TrimLeadingSpace = true
records, err := csv_reader.ReadAll()
if err != nil {
panic(err)
}
hf.Users = make(map[string]map[string]string)
for _, record := range records {
_, exists := hf.Users[record[1]]
if !exists {
hf.Users[record[1]] = make(map[string]string)
}
hf.Users[record[1]][record[0]] = record[2]
}
}
/*
SecretProvider implementation based on htdigest-formated files. Will
reload htdigest file on changes. Will panic on syntax errors in
htdigest files.
*/
func HtdigestFileProvider(filename string) SecretProvider {
hf := &HtdigestFile{File: File{Path: filename}}
hf.Reload = func() { reload_htdigest(hf) }
return func(user, realm string) string {
hf.ReloadIfNeeded()
_, exists := hf.Users[realm]
if !exists {
return ""
}
digest, exists := hf.Users[realm][user]
if !exists {
return ""
}
return digest
}
}
/*
Structure used for htdigest file authentication. Users map users to
their salted encrypted password
*/
type HtpasswdFile struct {
File
Users map[string]string
}
func reload_htpasswd(h *HtpasswdFile) {
r, err := os.Open(h.Path)
if err != nil {
panic(err)
}
csv_reader := csv.NewReader(r)
csv_reader.Comma = ':'
csv_reader.Comment = '#'
csv_reader.TrimLeadingSpace = true
records, err := csv_reader.ReadAll()
if err != nil {
panic(err)
}
h.Users = make(map[string]string)
for _, record := range records {
h.Users[record[0]] = record[1]
}
}
/*
SecretProvider implementation based on htpasswd-formated files. Will
reload htpasswd file on changes. Will panic on syntax errors in
htpasswd files. Realm argument of the SecretProvider is ignored.
*/
func HtpasswdFileProvider(filename string) SecretProvider {
h := &HtpasswdFile{File: File{Path: filename}}
h.Reload = func() { reload_htpasswd(h) }
return func(user, realm string) string {
h.ReloadIfNeeded()
password, exists := h.Users[user]
if !exists {
return ""
}
return password
}
}
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = [
"handler.go",
"versions.go",
],
importmap = "k8s.io/kubernetes/vendor/github.com/google/cadvisor/api",
importpath = "github.com/google/cadvisor/api",
visibility = ["//visibility:public"],
deps = [
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/github.com/google/cadvisor/events:go_default_library",
"//vendor/github.com/google/cadvisor/http/mux:go_default_library",
"//vendor/github.com/google/cadvisor/info/v1:go_default_library",
"//vendor/github.com/google/cadvisor/info/v2:go_default_library",
"//vendor/github.com/google/cadvisor/manager:go_default_library",
],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
visibility = ["//visibility:public"],
)
// Copyright 2014 Google Inc. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Package api provides a handler for /api/
package api
import (
"encoding/json"
"errors"
"fmt"
"io"
"net/http"
"path"
"regexp"
"sort"
"strconv"
"strings"
"time"
"github.com/google/cadvisor/events"
httpmux "github.com/google/cadvisor/http/mux"
info "github.com/google/cadvisor/info/v1"
"github.com/google/cadvisor/manager"
"github.com/golang/glog"
)
const (
apiResource = "/api/"
)
func RegisterHandlers(mux httpmux.Mux, m manager.Manager) error {
apiVersions := getApiVersions()
supportedApiVersions := make(map[string]ApiVersion, len(apiVersions))
for _, v := range apiVersions {
supportedApiVersions[v.Version()] = v
}
mux.HandleFunc(apiResource, func(w http.ResponseWriter, r *http.Request) {
err := handleRequest(supportedApiVersions, m, w, r)
if err != nil {
http.Error(w, err.Error(), 500)
}
})
return nil
}
// Captures the API version, requestType [optional], and remaining request [optional].
var apiRegexp = regexp.MustCompile(`/api/([^/]+)/?([^/]+)?(.*)`)
const (
apiVersion = iota + 1
apiRequestType
apiRequestArgs
)
func handleRequest(supportedApiVersions map[string]ApiVersion, m manager.Manager, w http.ResponseWriter, r *http.Request) error {
start := time.Now()
defer func() {
glog.V(4).Infof("Request took %s", time.Since(start))
}()
request := r.URL.Path
const apiPrefix = "/api"
if !strings.HasPrefix(request, apiPrefix) {
return fmt.Errorf("incomplete API request %q", request)
}
// If the request doesn't have an API version, list those.
if request == apiPrefix || request == apiResource {
versions := make([]string, 0, len(supportedApiVersions))
for v := range supportedApiVersions {
versions = append(versions, v)
}
sort.Strings(versions)
http.Error(w, fmt.Sprintf("Supported API versions: %s", strings.Join(versions, ",")), http.StatusBadRequest)
return nil
}
// Verify that we have all the elements we expect:
// /<version>/<request type>[/<args...>]
requestElements := apiRegexp.FindStringSubmatch(request)
if len(requestElements) == 0 {
return fmt.Errorf("malformed request %q", request)
}
version := requestElements[apiVersion]
requestType := requestElements[apiRequestType]
requestArgs := strings.Split(requestElements[apiRequestArgs], "/")
// Check supported versions.
versionHandler, ok := supportedApiVersions[version]
if !ok {
return fmt.Errorf("unsupported API version %q", version)
}
// If no request type, list possible request types.
if requestType == "" {
requestTypes := versionHandler.SupportedRequestTypes()
sort.Strings(requestTypes)
http.Error(w, fmt.Sprintf("Supported request types: %q", strings.Join(requestTypes, ",")), http.StatusBadRequest)
return nil
}
// Trim the first empty element from the request.
if len(requestArgs) > 0 && requestArgs[0] == "" {
requestArgs = requestArgs[1:]
}
return versionHandler.HandleRequest(requestType, requestArgs, m, w, r)
}
func writeResult(res interface{}, w http.ResponseWriter) error {
out, err := json.Marshal(res)
if err != nil {
return fmt.Errorf("failed to marshall response %+v with error: %s", res, err)
}
w.Header().Set("Content-Type", "application/json")
w.Write(out)
return nil
}
func streamResults(eventChannel *events.EventChannel, w http.ResponseWriter, r *http.Request, m manager.Manager) error {
cn, ok := w.(http.CloseNotifier)
if !ok {
return errors.New("could not access http.CloseNotifier")
}
flusher, ok := w.(http.Flusher)
if !ok {
return errors.New("could not access http.Flusher")
}
w.Header().Set("Transfer-Encoding", "chunked")
w.WriteHeader(http.StatusOK)
flusher.Flush()
enc := json.NewEncoder(w)
for {
select {
case <-cn.CloseNotify():
m.CloseEventChannel(eventChannel.GetWatchId())
return nil
case ev := <-eventChannel.GetChannel():
err := enc.Encode(ev)
if err != nil {
glog.Errorf("error encoding message %+v for result stream: %v", ev, err)
}
flusher.Flush()
}
}
}
func getContainerInfoRequest(body io.ReadCloser) (*info.ContainerInfoRequest, error) {
query := info.DefaultContainerInfoRequest()
decoder := json.NewDecoder(body)
err := decoder.Decode(&query)
if err != nil && err != io.EOF {
return nil, fmt.Errorf("unable to decode the json value: %s", err)
}
return &query, nil
}
// The user can set any or none of the following arguments in any order
// with any twice defined arguments being assigned the first value.
// If the value type for the argument is wrong the field will be assumed to be
// unassigned
// bools: stream, subcontainers, oom_events, creation_events, deletion_events
// ints: max_events, start_time (unix timestamp), end_time (unix timestamp)
// example r.URL: http://localhost:8080/api/v1.3/events?oom_events=true&stream=true
func getEventRequest(r *http.Request) (*events.Request, bool, error) {
query := events.NewRequest()
stream := false
urlMap := r.URL.Query()
if val, ok := urlMap["stream"]; ok {
newBool, err := strconv.ParseBool(val[0])
if err == nil {
stream = newBool
}
}
if val, ok := urlMap["subcontainers"]; ok {
newBool, err := strconv.ParseBool(val[0])
if err == nil {
query.IncludeSubcontainers = newBool
}
}
eventTypes := map[string]info.EventType{
"oom_events": info.EventOom,
"oom_kill_events": info.EventOomKill,
"creation_events": info.EventContainerCreation,
"deletion_events": info.EventContainerDeletion,
}
allEventTypes := false
if val, ok := urlMap["all_events"]; ok {
newBool, err := strconv.ParseBool(val[0])
if err == nil {
allEventTypes = newBool
}
}
for opt, eventType := range eventTypes {
if allEventTypes {
query.EventType[eventType] = true
} else if val, ok := urlMap[opt]; ok {
newBool, err := strconv.ParseBool(val[0])
if err == nil {
query.EventType[eventType] = newBool
}
}
}
if val, ok := urlMap["max_events"]; ok {
newInt, err := strconv.Atoi(val[0])
if err == nil {
query.MaxEventsReturned = int(newInt)
}
}
if val, ok := urlMap["start_time"]; ok {
newTime, err := time.Parse(time.RFC3339, val[0])
if err == nil {
query.StartTime = newTime
}
}
if val, ok := urlMap["end_time"]; ok {
newTime, err := time.Parse(time.RFC3339, val[0])
if err == nil {
query.EndTime = newTime
}
}
return query, stream, nil
}
func getContainerName(request []string) string {
return path.Join("/", strings.Join(request, "/"))
}
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = ["healthz.go"],
importmap = "k8s.io/kubernetes/vendor/github.com/google/cadvisor/healthz",
importpath = "github.com/google/cadvisor/healthz",
visibility = ["//visibility:public"],
deps = ["//vendor/github.com/google/cadvisor/http/mux:go_default_library"],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
visibility = ["//visibility:public"],
)
// Copyright 2014 Google Inc. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package healthz
import (
"net/http"
httpmux "github.com/google/cadvisor/http/mux"
)
func handleHealthz(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
w.Write([]byte("ok"))
}
// Register simple HTTP /healthz handler to return "ok".
func RegisterHandler(mux httpmux.Mux) error {
mux.HandleFunc("/healthz", handleHealthz)
return nil
}
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = ["handlers.go"],
importmap = "k8s.io/kubernetes/vendor/github.com/google/cadvisor/http",
importpath = "github.com/google/cadvisor/http",
visibility = ["//visibility:public"],
deps = [
"//vendor/github.com/abbot/go-http-auth:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/github.com/google/cadvisor/api:go_default_library",
"//vendor/github.com/google/cadvisor/healthz:go_default_library",
"//vendor/github.com/google/cadvisor/http/mux:go_default_library",
"//vendor/github.com/google/cadvisor/manager:go_default_library",
"//vendor/github.com/google/cadvisor/metrics:go_default_library",
"//vendor/github.com/google/cadvisor/pages:go_default_library",
"//vendor/github.com/google/cadvisor/pages/static:go_default_library",
"//vendor/github.com/google/cadvisor/validate:go_default_library",
"//vendor/github.com/prometheus/client_golang/prometheus:go_default_library",
"//vendor/github.com/prometheus/client_golang/prometheus/promhttp:go_default_library",
],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [
":package-srcs",
"//vendor/github.com/google/cadvisor/http/mux:all-srcs",
],
tags = ["automanaged"],
visibility = ["//visibility:public"],
)
// Copyright 2015 Google Inc. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package http
import (
"fmt"
"net/http"
"os"
"github.com/google/cadvisor/api"
"github.com/google/cadvisor/healthz"
httpmux "github.com/google/cadvisor/http/mux"
"github.com/google/cadvisor/manager"
"github.com/google/cadvisor/metrics"
"github.com/google/cadvisor/pages"
"github.com/google/cadvisor/pages/static"
"github.com/google/cadvisor/validate"
auth "github.com/abbot/go-http-auth"
"github.com/golang/glog"
"github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promhttp"
)
func RegisterHandlers(mux httpmux.Mux, containerManager manager.Manager, httpAuthFile, httpAuthRealm, httpDigestFile, httpDigestRealm string) error {
// Basic health handler.
if err := healthz.RegisterHandler(mux); err != nil {
return fmt.Errorf("failed to register healthz handler: %s", err)
}
// Validation/Debug handler.
mux.HandleFunc(validate.ValidatePage, func(w http.ResponseWriter, r *http.Request) {
err := validate.HandleRequest(w, containerManager)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
})
// Register API handler.
if err := api.RegisterHandlers(mux, containerManager); err != nil {
return fmt.Errorf("failed to register API handlers: %s", err)
}
// Redirect / to containers page.
mux.Handle("/", http.RedirectHandler(pages.ContainersPage, http.StatusTemporaryRedirect))
var authenticated bool
// Setup the authenticator object
if httpAuthFile != "" {
glog.V(1).Infof("Using auth file %s", httpAuthFile)
secrets := auth.HtpasswdFileProvider(httpAuthFile)
authenticator := auth.NewBasicAuthenticator(httpAuthRealm, secrets)
mux.HandleFunc(static.StaticResource, authenticator.Wrap(staticHandler))
if err := pages.RegisterHandlersBasic(mux, containerManager, authenticator); err != nil {
return fmt.Errorf("failed to register pages auth handlers: %s", err)
}
authenticated = true
}
if httpAuthFile == "" && httpDigestFile != "" {
glog.V(1).Infof("Using digest file %s", httpDigestFile)
secrets := auth.HtdigestFileProvider(httpDigestFile)
authenticator := auth.NewDigestAuthenticator(httpDigestRealm, secrets)
mux.HandleFunc(static.StaticResource, authenticator.Wrap(staticHandler))
if err := pages.RegisterHandlersDigest(mux, containerManager, authenticator); err != nil {
return fmt.Errorf("failed to register pages digest handlers: %s", err)
}
authenticated = true
}
// Change handler based on authenticator initalization
if !authenticated {
mux.HandleFunc(static.StaticResource, staticHandlerNoAuth)
if err := pages.RegisterHandlersBasic(mux, containerManager, nil); err != nil {
return fmt.Errorf("failed to register pages handlers: %s", err)
}
}
return nil
}
// RegisterPrometheusHandler creates a new PrometheusCollector and configures
// the provided HTTP mux to handle the given Prometheus endpoint.
func RegisterPrometheusHandler(mux httpmux.Mux, containerManager manager.Manager, prometheusEndpoint string, f metrics.ContainerLabelsFunc) {
r := prometheus.NewRegistry()
r.MustRegister(
metrics.NewPrometheusCollector(containerManager, f),
prometheus.NewGoCollector(),
prometheus.NewProcessCollector(os.Getpid(), ""),
)
mux.Handle(prometheusEndpoint, promhttp.HandlerFor(r, promhttp.HandlerOpts{ErrorHandling: promhttp.ContinueOnError}))
}
func staticHandlerNoAuth(w http.ResponseWriter, r *http.Request) {
static.HandleRequest(w, r.URL)
}
func staticHandler(w http.ResponseWriter, r *auth.AuthenticatedRequest) {
static.HandleRequest(w, r.URL)
}
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = ["mux.go"],
importmap = "k8s.io/kubernetes/vendor/github.com/google/cadvisor/http/mux",
importpath = "github.com/google/cadvisor/http/mux",
visibility = ["//visibility:public"],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
visibility = ["//visibility:public"],
)
// Copyright 2015 Google Inc. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package mux
import (
"net/http"
)
// Mux interface expected by cAdvisor components.
type Mux interface {
HandleFunc(pattern string, handler func(http.ResponseWriter, *http.Request))
Handler(r *http.Request) (http.Handler, string)
Handle(pattern string, handler http.Handler)
}
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = [
"containers.go",
"docker.go",
"pages.go",
"templates.go",
],
importmap = "k8s.io/kubernetes/vendor/github.com/google/cadvisor/pages",
importpath = "github.com/google/cadvisor/pages",
visibility = ["//visibility:public"],
deps = [
"//vendor/github.com/abbot/go-http-auth:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/github.com/google/cadvisor/container/docker:go_default_library",
"//vendor/github.com/google/cadvisor/http/mux:go_default_library",
"//vendor/github.com/google/cadvisor/info/v1:go_default_library",
"//vendor/github.com/google/cadvisor/manager:go_default_library",
],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [
":package-srcs",
"//vendor/github.com/google/cadvisor/pages/static:all-srcs",
],
tags = ["automanaged"],
visibility = ["//visibility:public"],
)
// Copyright 2014 Google Inc. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Page for /containers/
package pages
import (
"fmt"
"html/template"
"net/http"
"net/url"
"path"
"strconv"
"strings"
"time"
info "github.com/google/cadvisor/info/v1"
"github.com/google/cadvisor/manager"
"github.com/golang/glog"
)
const ContainersPage = "/containers/"
// from http://golang.org/doc/effective_go.html#constants
type ByteSize float64
const (
_ = iota
// KB - kilobyte
KB ByteSize = 1 << (10 * iota)
// MB - megabyte
MB
// GB - gigabyte
GB
// TB - terabyte
TB
// PB - petabyte
PB
// EB - exabyte
EB
// ZB - zettabyte
ZB
// YB - yottabyte
YB
)
func (b ByteSize) Size() string {
for _, i := range [...]ByteSize{YB, ZB, EB, PB, TB, GB, MB, KB} {
if b >= i {
return fmt.Sprintf("%.2f", b/i)
}
}
return fmt.Sprintf("%.2f", b)
}
func (b ByteSize) Unit() string {
switch {
case b >= YB:
return "YB"
case b >= ZB:
return "ZB"
case b >= EB:
return "EB"
case b >= PB:
return "PB"
case b >= TB:
return "TB"
case b >= GB:
return "GB"
case b >= MB:
return "MB"
case b >= KB:
return "KB"
}
return "B"
}
var funcMap = template.FuncMap{
"printMask": printMask,
"printCores": printCores,
"printShares": printShares,
"printSize": printSize,
"printUnit": printUnit,
}
func printMask(mask string, numCores int) interface{} {
masks := make([]string, numCores)
activeCores := getActiveCores(mask)
for i := 0; i < numCores; i++ {
coreClass := "inactive-cpu"
if activeCores[i] {
coreClass = "active-cpu"
}
masks[i] = fmt.Sprintf("<span class=\"%s\">%d</span>", coreClass, i)
}
return template.HTML(strings.Join(masks, "&nbsp;"))
}
func getActiveCores(mask string) map[int]bool {
activeCores := make(map[int]bool)
for _, corebits := range strings.Split(mask, ",") {
cores := strings.Split(corebits, "-")
if len(cores) == 1 {
index, err := strconv.Atoi(cores[0])
if err != nil {
// Ignore malformed strings.
continue
}
activeCores[index] = true
} else if len(cores) == 2 {
start, err := strconv.Atoi(cores[0])
if err != nil {
continue
}
end, err := strconv.Atoi(cores[1])
if err != nil {
continue
}
for i := start; i <= end; i++ {
activeCores[i] = true
}
}
}
return activeCores
}
func printCores(millicores *uint64) string {
cores := float64(*millicores) / 1000
return strconv.FormatFloat(cores, 'f', 3, 64)
}
func printShares(shares *uint64) string {
return fmt.Sprintf("%d", *shares)
}
// Size after which we consider memory to be "unlimited". This is not
// MaxInt64 due to rounding by the kernel.
const maxMemorySize = uint64(1 << 62)
func printSize(bytes uint64) string {
if bytes >= maxMemorySize {
return "unlimited"
}
return ByteSize(bytes).Size()
}
func printUnit(bytes uint64) string {
if bytes >= maxMemorySize {
return ""
}
return ByteSize(bytes).Unit()
}
func serveContainersPage(m manager.Manager, w http.ResponseWriter, u *url.URL) {
start := time.Now()
// The container name is the path after the handler
containerName := u.Path[len(ContainersPage)-1:]
// Get the container.
reqParams := info.ContainerInfoRequest{
NumStats: 60,
}
cont, err := m.GetContainerInfo(containerName, &reqParams)
if err != nil {
http.Error(w, fmt.Sprintf("failed to get container %q with error: %v", containerName, err), http.StatusNotFound)
return
}
displayName := getContainerDisplayName(cont.ContainerReference)
// Get the MachineInfo
machineInfo, err := m.GetMachineInfo()
if err != nil {
http.Error(w, fmt.Sprintf("failed to get machine info: %v", err), http.StatusInternalServerError)
return
}
rootDir := getRootDir(containerName)
// Make a list of the parent containers and their links
pathParts := strings.Split(string(cont.Name), "/")
parentContainers := make([]link, 0, len(pathParts))
parentContainers = append(parentContainers, link{
Text: "root",
Link: path.Join(rootDir, ContainersPage),
})
for i := 1; i < len(pathParts); i++ {
// Skip empty parts.
if pathParts[i] == "" {
continue
}
parentContainers = append(parentContainers, link{
Text: pathParts[i],
Link: path.Join(rootDir, ContainersPage, path.Join(pathParts[1:i+1]...)),
})
}
// Build the links for the subcontainers.
subcontainerLinks := make([]link, 0, len(cont.Subcontainers))
for _, sub := range cont.Subcontainers {
if !m.Exists(sub.Name) {
continue
}
subcontainerLinks = append(subcontainerLinks, link{
Text: getContainerDisplayName(sub),
Link: path.Join(rootDir, ContainersPage, sub.Name),
})
}
data := &pageData{
DisplayName: displayName,
ContainerName: escapeContainerName(cont.Name),
ParentContainers: parentContainers,
Subcontainers: subcontainerLinks,
Spec: cont.Spec,
Stats: cont.Stats,
MachineInfo: machineInfo,
IsRoot: cont.Name == "/",
ResourcesAvailable: cont.Spec.HasCpu || cont.Spec.HasMemory || cont.Spec.HasNetwork || cont.Spec.HasFilesystem,
CpuAvailable: cont.Spec.HasCpu,
MemoryAvailable: cont.Spec.HasMemory,
NetworkAvailable: cont.Spec.HasNetwork,
FsAvailable: cont.Spec.HasFilesystem,
CustomMetricsAvailable: cont.Spec.HasCustomMetrics,
SubcontainersAvailable: len(subcontainerLinks) > 0,
Root: rootDir,
}
err = pageTemplate.Execute(w, data)
if err != nil {
glog.Errorf("Failed to apply template: %s", err)
}
glog.V(5).Infof("Request took %s", time.Since(start))
}
// Build a relative path to the root of the container page.
func getRootDir(containerName string) string {
// The root is at: container depth
levels := (strings.Count(containerName, "/"))
return strings.Repeat("../", levels)
}
// Copyright 2014 Google Inc. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package pages
import (
"fmt"
"net/http"
"net/url"
"path"
"strconv"
"time"
"github.com/google/cadvisor/container/docker"
info "github.com/google/cadvisor/info/v1"
"github.com/google/cadvisor/manager"
"github.com/golang/glog"
)
const DockerPage = "/docker/"
func toStatusKV(status info.DockerStatus) ([]keyVal, []keyVal) {
ds := []keyVal{
{Key: "Driver", Value: status.Driver},
}
for k, v := range status.DriverStatus {
ds = append(ds, keyVal{Key: k, Value: v})
}
return []keyVal{
{Key: "Docker Version", Value: status.Version},
{Key: "Docker API Version", Value: status.APIVersion},
{Key: "Kernel Version", Value: status.KernelVersion},
{Key: "OS Version", Value: status.OS},
{Key: "Host Name", Value: status.Hostname},
{Key: "Docker Root Directory", Value: status.RootDir},
{Key: "Execution Driver", Value: status.ExecDriver},
{Key: "Number of Images", Value: strconv.Itoa(status.NumImages)},
{Key: "Number of Containers", Value: strconv.Itoa(status.NumContainers)},
}, ds
}
func serveDockerPage(m manager.Manager, w http.ResponseWriter, u *url.URL) {
start := time.Now()
// The container name is the path after the handler
containerName := u.Path[len(DockerPage)-1:]
rootDir := getRootDir(containerName)
var data *pageData
if containerName == "/" {
// Get the containers.
reqParams := info.ContainerInfoRequest{
NumStats: 0,
}
conts, err := m.AllDockerContainers(&reqParams)
if err != nil {
http.Error(w, fmt.Sprintf("failed to get container %q with error: %v", containerName, err), http.StatusNotFound)
return
}
subcontainers := make([]link, 0, len(conts))
for _, cont := range conts {
subcontainers = append(subcontainers, link{
Text: getContainerDisplayName(cont.ContainerReference),
Link: path.Join(rootDir, DockerPage, docker.ContainerNameToDockerId(cont.ContainerReference.Name)),
})
}
// Get Docker status
status, err := m.DockerInfo()
if err != nil {
http.Error(w, fmt.Sprintf("failed to get docker info: %v", err), http.StatusInternalServerError)
return
}
dockerStatus, driverStatus := toStatusKV(status)
// Get Docker Images
images, err := m.DockerImages()
if err != nil {
http.Error(w, fmt.Sprintf("failed to get docker images: %v", err), http.StatusInternalServerError)
return
}
dockerContainersText := "Docker Containers"
data = &pageData{
DisplayName: dockerContainersText,
ParentContainers: []link{
{
Text: dockerContainersText,
Link: path.Join(rootDir, DockerPage),
}},
Subcontainers: subcontainers,
Root: rootDir,
DockerStatus: dockerStatus,
DockerDriverStatus: driverStatus,
DockerImages: images,
}
} else {
// Get the container.
reqParams := info.ContainerInfoRequest{
NumStats: 60,
}
cont, err := m.DockerContainer(containerName[1:], &reqParams)
if err != nil {
http.Error(w, fmt.Sprintf("failed to get container %q with error: %v", containerName, err), http.StatusNotFound)
return
}
displayName := getContainerDisplayName(cont.ContainerReference)
// Make a list of the parent containers and their links
var parentContainers []link
parentContainers = append(parentContainers, link{
Text: "Docker Containers",
Link: path.Join(rootDir, DockerPage),
})
parentContainers = append(parentContainers, link{
Text: displayName,
Link: path.Join(rootDir, DockerPage, docker.ContainerNameToDockerId(cont.Name)),
})
// Get the MachineInfo
machineInfo, err := m.GetMachineInfo()
if err != nil {
http.Error(w, fmt.Sprintf("failed to get machine info: %v", err), http.StatusInternalServerError)
return
}
data = &pageData{
DisplayName: displayName,
ContainerName: escapeContainerName(cont.Name),
ParentContainers: parentContainers,
Spec: cont.Spec,
Stats: cont.Stats,
MachineInfo: machineInfo,
ResourcesAvailable: cont.Spec.HasCpu || cont.Spec.HasMemory || cont.Spec.HasNetwork,
CpuAvailable: cont.Spec.HasCpu,
MemoryAvailable: cont.Spec.HasMemory,
NetworkAvailable: cont.Spec.HasNetwork,
FsAvailable: cont.Spec.HasFilesystem,
CustomMetricsAvailable: cont.Spec.HasCustomMetrics,
Root: rootDir,
}
}
err := pageTemplate.Execute(w, data)
if err != nil {
glog.Errorf("Failed to apply template: %s", err)
}
glog.V(5).Infof("Request took %s", time.Since(start))
return
}
// Copyright 2014 Google Inc. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package pages
import (
"fmt"
"html/template"
"net/http"
"net/url"
"strings"
httpmux "github.com/google/cadvisor/http/mux"
info "github.com/google/cadvisor/info/v1"
"github.com/google/cadvisor/manager"
auth "github.com/abbot/go-http-auth"
"github.com/golang/glog"
)
var pageTemplate *template.Template
type link struct {
// Text to show in the link.
Text string
// Web address to link to.
Link string
}
type keyVal struct {
Key string
Value string
}
type pageData struct {
DisplayName string
ContainerName string
ParentContainers []link
Subcontainers []link
Spec info.ContainerSpec
Stats []*info.ContainerStats
MachineInfo *info.MachineInfo
IsRoot bool
ResourcesAvailable bool
CpuAvailable bool
MemoryAvailable bool
NetworkAvailable bool
FsAvailable bool
CustomMetricsAvailable bool
SubcontainersAvailable bool
Root string
DockerStatus []keyVal
DockerDriverStatus []keyVal
DockerImages []info.DockerImage
}
func init() {
containersHtmlTemplate, _ := Asset("pages/assets/html/containers.html")
pageTemplate = template.New("containersTemplate").Funcs(funcMap)
_, err := pageTemplate.Parse(string(containersHtmlTemplate))
if err != nil {
glog.Fatalf("Failed to parse template: %s", err)
}
}
func containerHandlerNoAuth(containerManager manager.Manager) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
serveContainersPage(containerManager, w, r.URL)
}
}
func containerHandler(containerManager manager.Manager) auth.AuthenticatedHandlerFunc {
return func(w http.ResponseWriter, r *auth.AuthenticatedRequest) {
serveContainersPage(containerManager, w, r.URL)
}
}
func dockerHandlerNoAuth(containerManager manager.Manager) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
serveDockerPage(containerManager, w, r.URL)
}
}
func dockerHandler(containerManager manager.Manager) auth.AuthenticatedHandlerFunc {
return func(w http.ResponseWriter, r *auth.AuthenticatedRequest) {
serveDockerPage(containerManager, w, r.URL)
}
}
// Register http handlers
func RegisterHandlersDigest(mux httpmux.Mux, containerManager manager.Manager, authenticator *auth.DigestAuth) error {
// Register the handler for the containers page.
if authenticator != nil {
mux.HandleFunc(ContainersPage, authenticator.Wrap(containerHandler(containerManager)))
mux.HandleFunc(DockerPage, authenticator.Wrap(dockerHandler(containerManager)))
} else {
mux.HandleFunc(ContainersPage, containerHandlerNoAuth(containerManager))
mux.HandleFunc(DockerPage, dockerHandlerNoAuth(containerManager))
}
return nil
}
func RegisterHandlersBasic(mux httpmux.Mux, containerManager manager.Manager, authenticator *auth.BasicAuth) error {
// Register the handler for the containers and docker age.
if authenticator != nil {
mux.HandleFunc(ContainersPage, authenticator.Wrap(containerHandler(containerManager)))
mux.HandleFunc(DockerPage, authenticator.Wrap(dockerHandler(containerManager)))
} else {
mux.HandleFunc(ContainersPage, containerHandlerNoAuth(containerManager))
mux.HandleFunc(DockerPage, dockerHandlerNoAuth(containerManager))
}
return nil
}
func getContainerDisplayName(cont info.ContainerReference) string {
// Pick a user-added alias as display name.
displayName := ""
for _, alias := range cont.Aliases {
// ignore container id as alias.
if strings.Contains(cont.Name, alias) {
continue
}
// pick shortest display name if multiple aliases are available.
if displayName == "" || len(displayName) >= len(alias) {
displayName = alias
}
}
if displayName == "" {
displayName = cont.Name
} else if len(displayName) > 50 {
// truncate display name to fit in one line.
displayName = displayName[:50] + "..."
}
// Add the full container name to the display name.
if displayName != cont.Name {
displayName = fmt.Sprintf("%s (%s)", displayName, cont.Name)
}
return displayName
}
// Escape the non-path characters on a container name.
func escapeContainerName(containerName string) string {
parts := strings.Split(containerName, "/")
for i := range parts {
parts[i] = url.QueryEscape(parts[i])
}
return strings.Join(parts, "/")
}
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = [
"assets.go",
"static.go",
],
importmap = "k8s.io/kubernetes/vendor/github.com/google/cadvisor/pages/static",
importpath = "github.com/google/cadvisor/pages/static",
visibility = ["//visibility:public"],
deps = ["//vendor/github.com/golang/glog:go_default_library"],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
visibility = ["//visibility:public"],
)
This source diff could not be displayed because it is too large. You can view the blob instead.
// Copyright 2014 Google Inc. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Handler for /static content.
package static
import (
"fmt"
"mime"
"net/http"
"net/url"
"path"
"github.com/golang/glog"
)
const StaticResource = "/static/"
var popper, _ = Asset("pages/assets/js/popper.min.js")
var bootstrapJs, _ = Asset("pages/assets/js/bootstrap-4.0.0-beta.2.min.js")
var containersJs, _ = Asset("pages/assets/js/containers.js")
var gchartsJs, _ = Asset("pages/assets/js/gcharts.js")
var googleJsapiJs, _ = Asset("pages/assets/js/google-jsapi.js")
var jqueryJs, _ = Asset("pages/assets/js/jquery-3.0.0.min.js")
var bootstrapCss, _ = Asset("pages/assets/styles/bootstrap-4.0.0-beta.2.min.css")
var bootstrapThemeCss, _ = Asset("pages/assets/styles/bootstrap-theme-3.1.1.min.css")
var containersCss, _ = Asset("pages/assets/styles/containers.css")
var staticFiles = map[string][]byte{
"popper.min.js": popper,
"bootstrap-4.0.0-beta.2.min.css": bootstrapCss,
"bootstrap-4.0.0-beta.2.min.js": bootstrapJs,
"bootstrap-theme-3.1.1.min.css": bootstrapThemeCss,
"containers.css": containersCss,
"containers.js": containersJs,
"gcharts.js": gchartsJs,
"google-jsapi.js": googleJsapiJs,
"jquery-3.0.0.min.js": jqueryJs,
}
func HandleRequest(w http.ResponseWriter, u *url.URL) {
if len(u.Path) <= len(StaticResource) {
http.Error(w, fmt.Sprintf("unknown static resource %q", u.Path), http.StatusNotFound)
return
}
// Get the static content if it exists.
resource := u.Path[len(StaticResource):]
content, ok := staticFiles[resource]
if !ok {
http.Error(w, fmt.Sprintf("unknown static resource %q", u.Path), http.StatusNotFound)
return
}
// Set Content-Type if we were able to detect it.
contentType := mime.TypeByExtension(path.Ext(resource))
if contentType != "" {
w.Header().Set("Content-Type", contentType)
}
if _, err := w.Write(content); err != nil {
glog.Errorf("Failed to write response: %v", err)
}
}
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = ["validate.go"],
importmap = "k8s.io/kubernetes/vendor/github.com/google/cadvisor/validate",
importpath = "github.com/google/cadvisor/validate",
visibility = ["//visibility:public"],
deps = [
"//vendor/github.com/google/cadvisor/container/docker:go_default_library",
"//vendor/github.com/google/cadvisor/manager:go_default_library",
"//vendor/github.com/google/cadvisor/utils:go_default_library",
"//vendor/github.com/opencontainers/runc/libcontainer/cgroups:go_default_library",
],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
visibility = ["//visibility:public"],
)
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment