-
Notifications
You must be signed in to change notification settings - Fork 3.8k
/
env.go
386 lines (351 loc) · 11.1 KB
/
env.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
// Copyright 2016 The Cockroach Authors.
//
// Use of this software is governed by the Business Source License
// included in the file licenses/BSL.txt.
//
// As of the Change Date specified in that file, in accordance with
// the Business Source License, use of this software will be governed
// by the Apache License, Version 2.0, included in the file
// licenses/APL.txt.
package envutil
import (
"bytes"
"fmt"
"os"
"os/user"
"runtime"
"sort"
"strconv"
"strings"
"time"
"github.com/cockroachdb/cockroach/pkg/util/humanizeutil"
"github.com/cockroachdb/cockroach/pkg/util/syncutil"
"github.com/cockroachdb/redact"
)
type envVarInfo struct {
consumer string
present bool
value string
}
var envVarRegistry struct {
mu syncutil.Mutex
cache map[string]envVarInfo
}
func init() {
ClearEnvCache()
}
func checkVarName(name string) {
// Env vars must:
// - start with COCKROACH_
// - be uppercase
// - only contain letters, digits, and _
valid := strings.HasPrefix(name, "COCKROACH_")
for i := 0; valid && i < len(name); i++ {
c := name[i]
valid = ((c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || c == '_')
}
if !valid {
panic("invalid env var name " + name)
}
}
// getEnv retrieves an environment variable, keeps track of where
// it was accessed, and checks that each environment variable is accessed
// from at most one place.
// The bookkeeping enables a report of all influential environment
// variables with "cockroach debug env". To keep this report useful,
// all relevant environment variables should be read during start up.
func getEnv(varName string, depth int) (string, bool) {
_, consumer, _, _ := runtime.Caller(depth + 1)
checkVarName(varName)
envVarRegistry.mu.Lock()
defer envVarRegistry.mu.Unlock()
if f, ok := envVarRegistry.cache[varName]; ok {
if f.consumer != consumer {
panic("environment variable " + varName + " already used from " + f.consumer)
}
return f.value, f.present
}
v, found := os.LookupEnv(varName)
envVarRegistry.cache[varName] = envVarInfo{consumer: consumer, present: found, value: v}
return v, found
}
// ClearEnvCache clears saved environment values so that
// a new read access the environment again. (Used for testing)
func ClearEnvCache() {
envVarRegistry.mu.Lock()
defer envVarRegistry.mu.Unlock()
envVarRegistry.cache = make(map[string]envVarInfo)
}
// GetEnvReport dumps all configuration variables that may have been
// used and their value.
func GetEnvReport() string {
envVarRegistry.mu.Lock()
defer envVarRegistry.mu.Unlock()
var b bytes.Buffer
for k, v := range envVarRegistry.cache {
if v.present {
fmt.Fprintf(&b, "%s = %s # %s\n", k, v.value, v.consumer)
} else {
fmt.Fprintf(&b, "# %s is not set (read from %s)\n", k, v.consumer)
}
}
return b.String()
}
// GetEnvVarsUsed returns the names of all environment variables that
// may have been used.
func GetEnvVarsUsed() (result []redact.RedactableString) {
allVarsRaw := os.Environ()
sort.Strings(allVarsRaw)
allVarsValues := make(map[redact.SafeString]string, len(allVarsRaw))
allVarNames := make([]redact.SafeString, 0, len(allVarsRaw))
for _, v := range allVarsRaw {
i := strings.IndexByte(v, '=')
if i < 0 {
continue
}
varName := redact.SafeString(v[:i])
allVarNames = append(allVarNames, varName)
var value string
if i+1 < len(v) {
value = v[i+1:]
}
allVarsValues[varName] = value
}
envVarRegistry.mu.Lock()
defer envVarRegistry.mu.Unlock()
for _, varName := range allVarNames {
_, crdbVar := envVarRegistry.cache[string(varName)]
_, safeVar := safeVarRegistry[varName]
if crdbVar || safeVar {
result = append(result, redact.Sprintf("%s=%s", varName, redact.Safe(allVarsValues[varName])))
} else if _, reportable := valueReportableUnsafeVarRegistry[varName]; reportable {
result = append(result, redact.Sprintf("%s=%s", varName, allVarsValues[varName]))
} else if _, reportable := nameReportableUnsafeVarRegistry[varName]; reportable {
result = append(result, redact.Sprintf("%s=...", varName))
}
// For any env var just the name could contain too many sensitive details and we
// don't really want them to show up in logs.
}
return result
}
// safeVarRegistry is the list of variables where we can both report
// the name and the value safely: the value is known to never contain
// sensitive information.
var safeVarRegistry = map[redact.SafeString]struct{}{
"GOGC": {},
"GODEBUG": {},
"GOMAXPROCS": {},
"GOTRACEBACK": {},
}
// valueReportableUnsafeVarRegistry is the list of variables where we can
// report the name safely, and the value as a redactable payload.
// The value may contain sensitive information, but not so sensitive
// that users would be unhappy to see them enclosed within redaction
// markers in log files.
var valueReportableUnsafeVarRegistry = map[redact.SafeString]struct{}{
"DEBUG_HTTP2_GOROUTINES": {},
"GRPC_GO_LOG_SEVERITY_LEVEL": {},
"GRPC_GO_LOG_VERBOSITY_LEVEL": {},
"LANG": {},
"LC_ALL": {},
"LC_COLLATE": {},
"LC_CTYPE": {},
"LC_TIME": {},
"LC_NUMERIC": {},
"LC_MESSAGES": {},
"LS_METRICS_ENABLED": {},
"TERM": {},
"TZ": {},
"ZONEINFO": {},
// From the Go runtime.
"LOCALDOMAIN": {},
"RES_OPTIONS": {},
"HOSTALIASES": {},
"HTTP_PROXY": {},
"HTTPS_PROXY": {},
"NO_PROXY": {},
"REQUEST_METHOD": {},
}
// nameReportableUnsafeVarRegistry is the list of variables where we can
// report the name safely, but not the value in any form because it is
// too likely to contain an unsafe payload that users would be horrified
// to see in a log file, redaction markers or not.
var nameReportableUnsafeVarRegistry = map[redact.SafeString]struct{}{
// GCP.
"GOOGLE_API_USE_MTLS": {},
"GOOGLE_CLOUD_PROJECT": {},
// AWS.
"AWS_ACCESS_KEY": {},
"AWS_ACCESS_KEY_ID": {},
"AWS_PROFILE": {},
"AWS_REGION": {},
"AWS_SDK_LOAD_CONFIG": {},
"AWS_SECRET_ACCESS_KEY": {},
"AWS_SECRET_KEY": {},
"AWS_SESSION_TOKEN": {},
"AWS_SHARED_CREDENTIALS_FILE": {},
// Azure.
"AZURE_ACCESS_TOKEN_FILE": {},
"AZURE_AUTH_LOCATION": {},
"AZURE_CONFIG_DIR": {},
"AZURE_GO_SDK_LOG_FILE": {},
"AZURE_GO_SDK_LOG_LEVEL": {},
// Google auth.
"GAE_APPLICATION": {},
"GAE_DEPLOYMENT_ID": {},
"GAE_ENV": {},
"GAE_INSTANCE": {},
"GAE_LONG_APP_ID": {},
"GAE_MINOR_VERSION": {},
"GAE_MODULE_INSTANCE": {},
"GAE_MODULE_NAME": {},
"GAE_PARTITION": {},
"GAE_SERVICE": {},
// gRPC.
"GRPC_GO_LOG_SEVERITY_LEVEL": {},
"GRPC_GO_LOG_VERBOSITY_LEVEL": {},
// Kerberos.
"KRB5CCNAME": {},
// Pprof.
"PPROF_BINARY_PATH": {},
"PPROF_TMPDIR": {},
"PPROF_TOOLS": {},
// Sentry-go.
"SENTRY_RELEASE": {},
}
// GetShellCommand returns a complete command to run with a prefix of the command line.
func GetShellCommand(cmd string) []string {
if runtime.GOOS == "windows" {
if shell := os.Getenv("COMSPEC"); len(shell) > 0 {
return []string{shell, "/C", cmd}
}
return []string{`C:\Windows\system32\cmd.exe`, "/C", cmd}
}
if shell := os.Getenv("SHELL"); len(shell) > 0 {
return []string{shell, "-c", cmd}
}
return []string{"/bin/sh", "-c", cmd}
}
// HomeDir returns the user's home directory, as determined by the env
// var HOME, if it exists, and otherwise the system's idea of the user
// configuration (e.g. on non-UNIX systems).
func HomeDir() (string, error) {
if homeDir := os.Getenv("HOME"); len(homeDir) > 0 {
return homeDir, nil
}
userAcct, err := user.Current()
if err != nil {
return "", err
}
return userAcct.HomeDir, nil
}
// EnvString returns the value set by the specified environment variable. The
// depth argument indicates the stack depth of the caller that should be
// associated with the variable.
// The returned boolean flag indicates if the variable is set.
func EnvString(name string, depth int) (string, bool) {
return getEnv(name, depth+1)
}
// EnvOrDefaultString returns the value set by the specified
// environment variable, if any, otherwise the specified default
// value.
func EnvOrDefaultString(name string, value string) string {
if v, present := getEnv(name, 1); present {
return v
}
return value
}
// EnvOrDefaultBool returns the value set by the specified environment
// variable, if any, otherwise the specified default value.
func EnvOrDefaultBool(name string, value bool) bool {
if str, present := getEnv(name, 1); present {
v, err := strconv.ParseBool(str)
if err != nil {
panic(fmt.Sprintf("error parsing %s: %s", name, err))
}
return v
}
return value
}
// EnvOrDefaultInt returns the value set by the specified environment
// variable, if any, otherwise the specified default value.
func EnvOrDefaultInt(name string, value int) int {
if str, present := getEnv(name, 1); present {
v, err := strconv.ParseInt(str, 0, 0)
if err != nil {
panic(fmt.Sprintf("error parsing %s: %s", name, err))
}
return int(v)
}
return value
}
// EnvOrDefaultInt64 returns the value set by the specified environment
// variable, if any, otherwise the specified default value.
func EnvOrDefaultInt64(name string, value int64) int64 {
if str, present := getEnv(name, 1); present {
v, err := strconv.ParseInt(str, 0, 64)
if err != nil {
panic(fmt.Sprintf("error parsing %s: %s", name, err))
}
return v
}
return value
}
// EnvOrDefaultFloat64 returns the value set by the specified environment
// variable, if any, otherwise the specified default value.
func EnvOrDefaultFloat64(name string, value float64) float64 {
if str, present := getEnv(name, 1); present {
v, err := strconv.ParseFloat(str, 64)
if err != nil {
panic(fmt.Sprintf("error parsing %s: %s", name, err))
}
return v
}
return value
}
var _ = EnvOrDefaultFloat64 // silence unused warning
// EnvOrDefaultBytes returns the value set by the specified environment
// variable, if any, otherwise the specified default value.
func EnvOrDefaultBytes(name string, value int64) int64 {
if str, present := getEnv(name, 1); present {
v, err := humanizeutil.ParseBytes(str)
if err != nil {
panic(fmt.Sprintf("error parsing %s: %s", name, err))
}
return v
}
return value
}
// EnvOrDefaultDuration returns the value set by the specified environment
// variable, if any, otherwise the specified default value.
func EnvOrDefaultDuration(name string, value time.Duration) time.Duration {
if str, present := getEnv(name, 1); present {
v, err := time.ParseDuration(str)
if err != nil {
panic(fmt.Sprintf("error parsing %s: %s", name, err))
}
return v
}
return value
}
// TestSetEnv sets an environment variable and the cleanup function
// resets it to the original value.
func TestSetEnv(name string, value string) func() {
ClearEnvCache()
before, exists := os.LookupEnv(name)
if err := os.Setenv(name, value); err != nil {
panic(err)
}
return func() {
if exists {
if err := os.Setenv(name, before); err != nil {
panic(err)
}
} else {
if err := os.Unsetenv(name); err != nil {
panic(err)
}
}
ClearEnvCache()
}
}