135 строки
4.8 KiB
Go
135 строки
4.8 KiB
Go
package main
|
|
|
|
import (
|
|
"fmt"
|
|
"io/ioutil"
|
|
"net/url"
|
|
"path/filepath"
|
|
"strings"
|
|
|
|
"os"
|
|
|
|
"github.com/Azure/custom-script-extension-linux/pkg/blobutil"
|
|
"github.com/Azure/custom-script-extension-linux/pkg/download"
|
|
"github.com/Azure/custom-script-extension-linux/pkg/preprocess"
|
|
"github.com/Azure/custom-script-extension-linux/pkg/urlutil"
|
|
"github.com/go-kit/kit/log"
|
|
"github.com/pkg/errors"
|
|
)
|
|
|
|
// downloadAndProcessURL downloads using the specified downloader and saves it to the
|
|
// specified existing directory, which must be the path to the saved file. Then
|
|
// it post-processes file based on heuristics.
|
|
func downloadAndProcessURL(ctx *log.Context, url, downloadDir string, cfg *handlerSettings) error {
|
|
fn, err := urlToFileName(url)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if !urlutil.IsValidUrl(url) {
|
|
return fmt.Errorf("[REDACTED] is not a valid url")
|
|
}
|
|
|
|
dl, err := getDownloaders(url, cfg.StorageAccountName, cfg.StorageAccountKey, cfg.ManagedIdentity)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
fp := filepath.Join(downloadDir, fn)
|
|
const mode = 0500 // we assume users download scripts to execute
|
|
if _, err := download.SaveTo(ctx, dl, fp, mode); err != nil {
|
|
return err
|
|
}
|
|
|
|
if cfg.SkipDos2Unix == false {
|
|
err = postProcessFile(fp)
|
|
}
|
|
return errors.Wrapf(err, "failed to post-process '%s'", fn)
|
|
}
|
|
|
|
// getDownloader returns a downloader for the given URL based on whether the
|
|
// storage credentials are empty or not.
|
|
func getDownloaders(fileURL string, storageAccountName, storageAccountKey string, managedIdentity *clientOrObjectId) (
|
|
[]download.Downloader, error) {
|
|
if storageAccountName == "" || storageAccountKey == "" {
|
|
// storage account name and key cannot be specified with managed identity, handler settings validation won't allow that
|
|
// handler settings validation will also not allow storageAccountName XOR storageAccountKey == 1
|
|
// in this case, we can be sure that storage account name and key was not specified
|
|
if download.IsAzureStorageBlobUri(fileURL) && managedIdentity != nil {
|
|
// if managed identity was specified in the configuration, try to use it to download the files
|
|
var msiProvider download.MsiProvider
|
|
switch {
|
|
case managedIdentity.ClientId == "" && managedIdentity.ObjectId == "":
|
|
// get msi using clientId or objectId or implicitly
|
|
msiProvider = download.GetMsiProviderForStorageAccountsImplicitly(fileURL)
|
|
case managedIdentity.ClientId != "" && managedIdentity.ObjectId == "":
|
|
msiProvider = download.GetMsiProviderForStorageAccountsWithClientId(fileURL, managedIdentity.ClientId)
|
|
case managedIdentity.ClientId == "" && managedIdentity.ObjectId != "":
|
|
msiProvider = download.GetMsiProviderForStorageAccountsWithObjectId(fileURL, managedIdentity.ObjectId)
|
|
default:
|
|
return nil, fmt.Errorf("unexpected combination of ClientId and ObjectId found")
|
|
}
|
|
return []download.Downloader{
|
|
// try downloading without MSI token first, but attempt with MSI if the download fails
|
|
download.NewURLDownload(fileURL),
|
|
download.NewBlobWithMsiDownload(fileURL, msiProvider),
|
|
}, nil
|
|
} else {
|
|
// do not use MSI downloader if the uri is not azure storage blob, or managedIdentity isn't specified
|
|
return []download.Downloader{download.NewURLDownload(fileURL)}, nil
|
|
}
|
|
} else {
|
|
// if storage name account and key are specified, use that for all files
|
|
// this preserves old behavior
|
|
blob, err := blobutil.ParseBlobURL(fileURL)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return []download.Downloader{download.NewBlobDownload(
|
|
storageAccountName, storageAccountKey,
|
|
blob)}, nil
|
|
}
|
|
}
|
|
|
|
// urlToFileName parses given URL and returns the section after the last slash
|
|
// character of the path segment to be used as a file name. If a value is not
|
|
// found, an error is returned.
|
|
func urlToFileName(fileURL string) (string, error) {
|
|
u, err := url.Parse(fileURL)
|
|
if err != nil {
|
|
return "", errors.Wrapf(err, "unable to parse URL: %q", fileURL)
|
|
}
|
|
|
|
s := strings.Split(u.Path, "/")
|
|
if len(s) > 0 {
|
|
fn := s[len(s)-1]
|
|
if fn != "" {
|
|
return fn, nil
|
|
}
|
|
}
|
|
return "", fmt.Errorf("cannot extract file name from URL: %q", fileURL)
|
|
}
|
|
|
|
// postProcessFile determines if path is a script file based on heuristics
|
|
// and makes in-place changes to the file with some post-processing such as BOM
|
|
// and DOS-line endings fixes to make the script POSIX-friendly.
|
|
func postProcessFile(path string) error {
|
|
ok, err := preprocess.IsTextFile(path)
|
|
if err != nil {
|
|
return errors.Wrapf(err, "error determining if script is a text file")
|
|
}
|
|
if !ok {
|
|
return nil
|
|
}
|
|
|
|
b, err := ioutil.ReadFile(path) // read the file into memory for processing
|
|
if err != nil {
|
|
return errors.Wrapf(err, "error reading file")
|
|
}
|
|
b = preprocess.RemoveBOM(b)
|
|
b = preprocess.Dos2Unix(b)
|
|
|
|
err = ioutil.WriteFile(path, b, 0)
|
|
return errors.Wrap(os.Rename(path, path), "error writing file")
|
|
}
|