upstream/terraform
1
0
Fork 0
mirror of https://github.com/hashicorp/terraform.git synced 2026-06-09 00:42:48 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 6
terraform/internal/rpcapi/plugin.go

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

136 lines
5.3 KiB
Go
Raw Permalink Normal View History

rpcapi: Add HashiCorp copyright comments
2023-09-27 19:59:02 -04:00
// Copyright IBM Corp. 2014, 2026
// SPDX-License-Identifier: BUSL-1.1
rpcapi: Initial stubbing of the plugin server setup
2023-06-06 19:05:22 -04:00
package rpcapi
import (
"context"
"fmt"
"github.com/hashicorp/go-plugin"
feat(stacks): add CLI config in RPC API handshake (#35146) Adds support for including fields typically found in the Terraform CLI configuration in the RPC API handshake. This allows us to include global configuration arguments that impact the RPC API session without requiring instrumentation for each RPC service. The new Config struct currently supports only service discovery credentials, but it can be expanded in the future.
2024-05-17 19:59:17 -04:00
svchost "github.com/hashicorp/terraform-svchost"
"github.com/hashicorp/terraform-svchost/auth"
rpcapi: Dependencies service provider installation and cache mgmt This implements the rpcapi operations for building and manipulating provider plugin cache directories, which in later commits we'll be able to pass to some of the Stacks service operations so that the stacks runtime can work with non-builtin providers.
2023-08-17 12:35:48 -04:00
"github.com/hashicorp/terraform-svchost/disco"
stacks: add the packages service to the rpc api (#34319) * stacks: add the packages service to the rpc api * go generate
2023-11-30 03:08:51 -05:00
"google.golang.org/grpc"
stacks: load credentials from config file on startup (#35952) * stacks: load credentials from config file on startup * delete unneeded file
2024-11-05 10:13:08 -05:00
"github.com/hashicorp/terraform/internal/command/cliconfig"
pluginDiscovery "github.com/hashicorp/terraform/internal/plugin/discovery"
rpcapi: A different approach to late server initialization Previously we were trying to add new services to the gRPC server after it was already running, which worked okay in the contrived fake setup I was using to test it in isolation but is rejected by the real gRPC server implementation, which requires all service registration to happen prior to starting the server. Instead then, we'll use some wrapper server implementations that initially just return "Unavailable" errors for every request but can then be tardily initialized with a real server implementation that takes over serving requests once registered. This involves some gnarly code generation for the wrapper server implementations because this situation is beyond the current capabilities of Go generics. The code generator implementation is pretty gross but this approach was the least horrible of various other things I tried in order to avoid writing a code generator. The code generator may need some additional work later once we introduce our first streaming RPC function, but after that it should hopefully remain unchanged for a long time as long as we stick to the current API design idiom for future services.
2023-06-16 20:14:31 -04:00
"github.com/hashicorp/terraform/internal/rpcapi/dynrpcserver"
stacks: split the terraform1 RPC package into per-service packages (#35513) * stacks: split the terraform1 RPC package into per-service packages * pull latest changes
2024-08-07 11:33:51 -04:00
"github.com/hashicorp/terraform/internal/rpcapi/terraform1/dependencies"
"github.com/hashicorp/terraform/internal/rpcapi/terraform1/packages"
"github.com/hashicorp/terraform/internal/rpcapi/terraform1/setup"
"github.com/hashicorp/terraform/internal/rpcapi/terraform1/stacks"
rpcapi: Initial stubbing of the plugin server setup
2023-06-06 19:05:22 -04:00
)
type corePlugin struct {
plugin.Plugin
rpcapi: Now wired up to the "terraform rpcapi" plumbing command This doesn't actually do anything useful yet, but this does at least make the RPC server accessible to external callers where they can handshake and then get an error saying that nothing else is implemented.
2023-06-06 19:58:33 -04:00
experimentsAllowed bool
rpcapi: Initial stubbing of the plugin server setup
2023-06-06 19:05:22 -04:00
}
func (p *corePlugin) GRPCClient(ctx context.Context, broker *plugin.GRPCBroker, c *grpc.ClientConn) (interface{}, error) {
// This codebase only provides a server implementation of this plugin.
// Clients must live elsewhere.
return nil, fmt.Errorf("there is no client implementation in this codebase")
}
func (p *corePlugin) GRPCServer(broker *plugin.GRPCBroker, s *grpc.Server) error {
rpcapi+stacks: Stacks runtime can see whether experiments are allowed We allow experiments only in alpha builds, and so we propagate the flag for whether that's allowed in from "package main". We previously had that plumbed in only as far as the rpcapi startup. This plumbs the flag all the way into package stackeval so that we can in turn propagate it to Terraform's module config loader, which is ultimately the one responsible for ensuring that language experiments can be enabled only when the flag is set. Therefore it will now be possible to opt in to language experiments in modules that are used in stack components.
2024-02-09 21:12:52 -05:00
generalOpts := &serviceOpts{
experimentsAllowed: p.experimentsAllowed,
}
registerGRPCServices(s, generalOpts)
rpcapi: NewInternalClient returns a socketless RPC client Right now we are only using rpcapi from external callers inside Terraform Cloud, but in the long run we will also want to expose equivalent functionality through Terraform CLI. rpcapi.NewInternalClient provides a relatively-lightweight way to achieve that without requiring a child process and sockets. Instead, it just allocates a buffer and passes gRPC messages between client and server using that buffer. This is of course still not as efficient as a direct function call, but the kinds of operations that RPC API exposes tend to have far more expensive elements than the RPC call itself, and using the RPC protocol as the internal API should begin to establish a more explicit architecture boundary between Terraform CLI and Terraform Core, so that clients of the RPC API have the same level of access to Terraform Core as the CLI workflow does. So far we don't have any internal callers for this because nothing in the RPC API has a corresponding CLI entry point. The first callers of this internal RPC interface will probably be the commands providing the CLI-driven development workflow for stacks.
2023-09-16 18:35:19 -04:00
return nil
}
rpcapi+stacks: Stacks runtime can see whether experiments are allowed We allow experiments only in alpha builds, and so we propagate the flag for whether that's allowed in from "package main". We previously had that plumbed in only as far as the rpcapi startup. This plumbs the flag all the way into package stackeval so that we can in turn propagate it to Terraform's module config loader, which is ultimately the one responsible for ensuring that language experiments can be enabled only when the flag is set. Therefore it will now be possible to opt in to language experiments in modules that are used in stack components.
2024-02-09 21:12:52 -05:00
func registerGRPCServices(s *grpc.Server, opts *serviceOpts) {
rpcapi: Initial stubbing of the plugin server setup
2023-06-06 19:05:22 -04:00
// We initially only register the setup server, because the registration
// of other services can vary depending on the capabilities negotiated
// during handshake.
stacks: split the terraform1 RPC package into per-service packages (#35513) * stacks: split the terraform1 RPC package into per-service packages * pull latest changes
2024-08-07 11:33:51 -04:00
server := newSetupServer(serverHandshake(s, opts))
setup.RegisterSetupServer(s, server)
rpcapi: Initial stubbing of the plugin server setup
2023-06-06 19:05:22 -04:00
}
stacks: split the terraform1 RPC package into per-service packages (#35513) * stacks: split the terraform1 RPC package into per-service packages * pull latest changes
2024-08-07 11:33:51 -04:00
func serverHandshake(s *grpc.Server, opts *serviceOpts) func(context.Context, *setup.Handshake_Request, *stopper) (*setup.ServerCapabilities, error) {
dependenciesStub := dynrpcserver.NewDependenciesStub()
dependencies.RegisterDependenciesServer(s, dependenciesStub)
stacksStub := dynrpcserver.NewStacksStub()
stacks.RegisterStacksServer(s, stacksStub)
packagesStub := dynrpcserver.NewPackagesStub()
packages.RegisterPackagesServer(s, packagesStub)
rpcapi: A different approach to late server initialization Previously we were trying to add new services to the gRPC server after it was already running, which worked okay in the contrived fake setup I was using to test it in isolation but is rejected by the real gRPC server implementation, which requires all service registration to happen prior to starting the server. Instead then, we'll use some wrapper server implementations that initially just return "Unavailable" errors for every request but can then be tardily initialized with a real server implementation that takes over serving requests once registered. This involves some gnarly code generation for the wrapper server implementations because this situation is beyond the current capabilities of Go generics. The code generator implementation is pretty gross but this approach was the least horrible of various other things I tried in order to avoid writing a code generator. The code generator may need some additional work later once we introduce our first streaming RPC function, but after that it should hopefully remain unchanged for a long time as long as we stick to the current API design idiom for future services.
2023-06-16 20:14:31 -04:00
stacks: split the terraform1 RPC package into per-service packages (#35513) * stacks: split the terraform1 RPC package into per-service packages * pull latest changes
2024-08-07 11:33:51 -04:00
return func(ctx context.Context, request *setup.Handshake_Request, stopper *stopper) (*setup.ServerCapabilities, error) {
rpcapi: Management of "handles" As with many other systems that involve a client indirectly manipulating objects on the other side of a trust boundary, we're going to use opaque "handles" to represent objects that remain active on the server side between different RPC API calls. A handle is just a 64-bit integer corresponding to an entry in a lookup table maintained by the server, in the "handleTable" type. In the public API we don't make any promises about uniqueness of handles between different types of objects, but to minimize the impact of client bugs we'll internally ensure that we never issue the same handle number for two objects of different types. This means that a client getting their handles mixed up will typically cause an explicit error rather than just doing something weird with an unrelated object that happened to have a matching handle. Our internal API for this will use explicit separate methods for each type of handle and use type parameters so that the Go compiler can call us out if we're inconsistent in how we're using the handles. From a client perspective though these all just layer to protobuf int64; clients might choose to add their own similar abstraction to track handle types, but that's their own business since we can't represent such things efficiently within the protocol buffers schema model. This commit includes initial implementations of Dependencies.OpenSourceBundle and Dependencies.CloseSourceBundle just as some initial evidence that this design works. We'll continue implementing the other real service functions in later commits once the basic infrastructure (like this) is in place.
2023-06-07 14:15:07 -04:00
// All of our servers will share a common handles table so that objects
// can be passed from one service to another.
handles := newHandleTable()
rpcapi: Initial stubbing of the plugin server setup
2023-06-06 19:05:22 -04:00
rpcapi: Dependencies service provider installation and cache mgmt This implements the rpcapi operations for building and manipulating provider plugin cache directories, which in later commits we'll be able to pass to some of the Stacks service operations so that the stacks runtime can work with non-builtin providers.
2023-08-17 12:35:48 -04:00
// NOTE: This is intentionally not the same disco that "package main"
// instantiates for Terraform CLI, because the RPC API is
// architecturally independent from CLI despite being launched through
// it, and so it is not subject to any ambient CLI configuration files
// that might be in scope. If we later discover requirements for
// callers to customize the service discovery settings, consider
// adding new fields to terraform1.ClientCapabilities (even though
// this isn't strictly a "capability") so that the RPC caller has
// full control without needing to also tinker with the current user's
// CLI configuration.
feat(stacks): add CLI config in RPC API handshake (#35146) Adds support for including fields typically found in the Terraform CLI configuration in the RPC API handshake. This allows us to include global configuration arguments that impact the RPC API session without requiring instrumentation for each RPC service. The new Config struct currently supports only service discovery credentials, but it can be expanded in the future.
2024-05-17 19:59:17 -04:00
services, err := newServiceDisco(request.GetConfig())
if err != nil {
stacks: split the terraform1 RPC package into per-service packages (#35513) * stacks: split the terraform1 RPC package into per-service packages * pull latest changes
2024-08-07 11:33:51 -04:00
return &setup.ServerCapabilities{}, err
feat(stacks): add CLI config in RPC API handshake (#35146) Adds support for including fields typically found in the Terraform CLI configuration in the RPC API handshake. This allows us to include global configuration arguments that impact the RPC API session without requiring instrumentation for each RPC service. The new Config struct currently supports only service discovery credentials, but it can be expanded in the future.
2024-05-17 19:59:17 -04:00
}
rpcapi: Dependencies service provider installation and cache mgmt This implements the rpcapi operations for building and manipulating provider plugin cache directories, which in later commits we'll be able to pass to some of the Stacks service operations so that the stacks runtime can work with non-builtin providers.
2023-08-17 12:35:48 -04:00
rpcapi: Initial stubbing of the plugin server setup
2023-06-06 19:05:22 -04:00
// If handshaking is successful (which it currently always is, because
// we don't have any special capabilities to negotiate yet) then we
rpcapi: Dependencies: new API schema for provider dependency handling This does not include any implementation of this new API surface; that will follow in subsequent commits.
2023-08-15 22:51:24 -04:00
// will initialize all of the other services so the client can begin
rpcapi: Now wired up to the "terraform rpcapi" plumbing command This doesn't actually do anything useful yet, but this does at least make the RPC server accessible to external callers where they can handshake and then get an error saying that nothing else is implemented.
2023-06-06 19:58:33 -04:00
// doing real work. In future the details of what we register here
// might vary based on the negotiated capabilities.
stacks: split the terraform1 RPC package into per-service packages (#35513) * stacks: split the terraform1 RPC package into per-service packages * pull latest changes
2024-08-07 11:33:51 -04:00
dependenciesStub.ActivateRPCServer(newDependenciesServer(handles, services))
migrate command for terraform stacks (#36482)
2025-03-19 05:39:50 -04:00
stacksStub.ActivateRPCServer(newStacksServer(stopper, handles, services, opts))
stacks: split the terraform1 RPC package into per-service packages (#35513) * stacks: split the terraform1 RPC package into per-service packages * pull latest changes
2024-08-07 11:33:51 -04:00
packagesStub.ActivateRPCServer(newPackagesServer(services))
rpcapi: A different approach to late server initialization Previously we were trying to add new services to the gRPC server after it was already running, which worked okay in the contrived fake setup I was using to test it in isolation but is rejected by the real gRPC server implementation, which requires all service registration to happen prior to starting the server. Instead then, we'll use some wrapper server implementations that initially just return "Unavailable" errors for every request but can then be tardily initialized with a real server implementation that takes over serving requests once registered. This involves some gnarly code generation for the wrapper server implementations because this situation is beyond the current capabilities of Go generics. The code generator implementation is pretty gross but this approach was the least horrible of various other things I tried in order to avoid writing a code generator. The code generator may need some additional work later once we introduce our first streaming RPC function, but after that it should hopefully remain unchanged for a long time as long as we stick to the current API design idiom for future services.
2023-06-16 20:14:31 -04:00
// If the client requested any extra capabililties that we're going
// to honor then we should announce them in this result.
stacks: split the terraform1 RPC package into per-service packages (#35513) * stacks: split the terraform1 RPC package into per-service packages * pull latest changes
2024-08-07 11:33:51 -04:00
return &setup.ServerCapabilities{}, nil
rpcapi: Initial stubbing of the plugin server setup
2023-06-06 19:05:22 -04:00
}
}
rpcapi+stacks: Stacks runtime can see whether experiments are allowed We allow experiments only in alpha builds, and so we propagate the flag for whether that's allowed in from "package main". We previously had that plumbed in only as far as the rpcapi startup. This plumbs the flag all the way into package stackeval so that we can in turn propagate it to Terraform's module config loader, which is ultimately the one responsible for ensuring that language experiments can be enabled only when the flag is set. Therefore it will now be possible to opt in to language experiments in modules that are used in stack components.
2024-02-09 21:12:52 -05:00
// serviceOpts are options that could potentially apply to all of our
// individual RPC services.
//
// This could potentially be embedded inside a service-specific options
// structure, if needed.
type serviceOpts struct {
experimentsAllowed bool
}
feat(stacks): add CLI config in RPC API handshake (#35146) Adds support for including fields typically found in the Terraform CLI configuration in the RPC API handshake. This allows us to include global configuration arguments that impact the RPC API session without requiring instrumentation for each RPC service. The new Config struct currently supports only service discovery credentials, but it can be expanded in the future.
2024-05-17 19:59:17 -04:00
stacks: split the terraform1 RPC package into per-service packages (#35513) * stacks: split the terraform1 RPC package into per-service packages * pull latest changes
2024-08-07 11:33:51 -04:00
func newServiceDisco(config *setup.Config) (*disco.Disco, error) {
stacks: load credentials from config file on startup (#35952) * stacks: load credentials from config file on startup * delete unneeded file
2024-11-05 10:13:08 -05:00
// First, we'll try and load any credentials that might have been available
// to the UI. It's perfectly fine if there are none so any errors we find
// are from malformed credentials rather than missing ones.
feat(stacks): add CLI config in RPC API handshake (#35146) Adds support for including fields typically found in the Terraform CLI configuration in the RPC API handshake. This allows us to include global configuration arguments that impact the RPC API session without requiring instrumentation for each RPC service. The new Config struct currently supports only service discovery credentials, but it can be expanded in the future.
2024-05-17 19:59:17 -04:00
stacks: load credentials from config file on startup (#35952) * stacks: load credentials from config file on startup * delete unneeded file
2024-11-05 10:13:08 -05:00
file, diags := cliconfig.LoadConfig()
if diags.HasErrors() {
return nil, fmt.Errorf("problem loading CLI configuration: %w", diags.ErrWithWarnings())
}
helperPlugins := pluginDiscovery.FindPlugins("credentials", cliconfig.GlobalPluginDirs())
src, err := file.CredentialsSource(helperPlugins)
if err != nil {
return nil, fmt.Errorf("problem creating credentials source: %w", err)
}
services := disco.NewWithCredentialsSource(src)
// Second, we'll side-load any credentials that might have been passed in.
credSrc := services.CredentialsSource()
feat(stacks): add CLI config in RPC API handshake (#35146) Adds support for including fields typically found in the Terraform CLI configuration in the RPC API handshake. This allows us to include global configuration arguments that impact the RPC API session without requiring instrumentation for each RPC service. The new Config struct currently supports only service discovery credentials, but it can be expanded in the future.
2024-05-17 19:59:17 -04:00
if config != nil {
for host, cred := range config.GetCredentials() {
if err := credSrc.StoreForHost(svchost.Hostname(host), auth.HostCredentialsToken(cred.Token)); err != nil {
return nil, fmt.Errorf("problem storing credential for host %s with: %w", host, err)
}
}
services.SetCredentialsSource(credSrc)
}
return services, nil
}
Reference in a new issue Copy permalink