2017-08-03 17:24:27 +00:00
|
|
|
package postgresql
|
2016-01-20 00:00:09 +00:00
|
|
|
|
|
|
|
import (
|
2018-01-19 06:44:44 +00:00
|
|
|
"context"
|
2016-01-20 00:00:09 +00:00
|
|
|
"database/sql"
|
|
|
|
"fmt"
|
2017-07-17 17:04:49 +00:00
|
|
|
"strconv"
|
2016-01-20 00:00:09 +00:00
|
|
|
"strings"
|
|
|
|
"time"
|
|
|
|
|
2017-07-17 17:04:49 +00:00
|
|
|
"github.com/hashicorp/errwrap"
|
2017-08-03 17:24:27 +00:00
|
|
|
"github.com/hashicorp/vault/physical"
|
2016-08-19 20:45:17 +00:00
|
|
|
log "github.com/mgutz/logxi/v1"
|
|
|
|
|
2016-01-20 00:00:09 +00:00
|
|
|
"github.com/armon/go-metrics"
|
2016-01-22 16:47:02 +00:00
|
|
|
"github.com/lib/pq"
|
2016-01-20 00:00:09 +00:00
|
|
|
)
|
|
|
|
|
2018-01-20 01:44:24 +00:00
|
|
|
// Verify PostgreSQLBackend satisfies the correct interfaces
|
|
|
|
var _ physical.Backend = (*PostgreSQLBackend)(nil)
|
|
|
|
|
2016-01-20 00:00:09 +00:00
|
|
|
// PostgreSQL Backend is a physical backend that stores data
|
|
|
|
// within a PostgreSQL database.
|
|
|
|
type PostgreSQLBackend struct {
|
2016-05-26 23:07:21 +00:00
|
|
|
table string
|
|
|
|
client *sql.DB
|
|
|
|
put_query string
|
|
|
|
get_query string
|
|
|
|
delete_query string
|
|
|
|
list_query string
|
2016-08-19 20:45:17 +00:00
|
|
|
logger log.Logger
|
2017-08-03 17:24:27 +00:00
|
|
|
permitPool *physical.PermitPool
|
2016-01-20 00:00:09 +00:00
|
|
|
}
|
|
|
|
|
2017-08-03 17:24:27 +00:00
|
|
|
// NewPostgreSQLBackend constructs a PostgreSQL backend using the given
|
2016-01-20 00:00:09 +00:00
|
|
|
// API client, server address, credentials, and database.
|
2017-08-03 17:24:27 +00:00
|
|
|
func NewPostgreSQLBackend(conf map[string]string, logger log.Logger) (physical.Backend, error) {
|
2016-01-20 00:00:09 +00:00
|
|
|
// Get the PostgreSQL credentials to perform read/write operations.
|
|
|
|
connURL, ok := conf["connection_url"]
|
|
|
|
if !ok || connURL == "" {
|
|
|
|
return nil, fmt.Errorf("missing connection_url")
|
|
|
|
}
|
|
|
|
|
2016-01-22 16:47:02 +00:00
|
|
|
unquoted_table, ok := conf["table"]
|
2016-01-20 00:00:09 +00:00
|
|
|
if !ok {
|
2016-01-28 00:15:48 +00:00
|
|
|
unquoted_table = "vault_kv_store"
|
2016-01-20 17:47:54 +00:00
|
|
|
}
|
2016-01-22 16:47:02 +00:00
|
|
|
quoted_table := pq.QuoteIdentifier(unquoted_table)
|
2016-01-20 17:47:54 +00:00
|
|
|
|
2017-07-17 17:04:49 +00:00
|
|
|
maxParStr, ok := conf["max_parallel"]
|
|
|
|
var maxParInt int
|
|
|
|
var err error
|
|
|
|
if ok {
|
|
|
|
maxParInt, err = strconv.Atoi(maxParStr)
|
|
|
|
if err != nil {
|
|
|
|
return nil, errwrap.Wrapf("failed parsing max_parallel parameter: {{err}}", err)
|
|
|
|
}
|
|
|
|
if logger.IsDebug() {
|
|
|
|
logger.Debug("postgres: max_parallel set", "max_parallel", maxParInt)
|
|
|
|
}
|
|
|
|
} else {
|
2017-08-03 17:24:27 +00:00
|
|
|
maxParInt = physical.DefaultParallelOperations
|
2017-07-17 17:04:49 +00:00
|
|
|
}
|
|
|
|
|
2016-01-21 01:52:49 +00:00
|
|
|
// Create PostgreSQL handle for the database.
|
|
|
|
db, err := sql.Open("postgres", connURL)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("failed to connect to postgres: %v", err)
|
|
|
|
}
|
2017-07-17 17:04:49 +00:00
|
|
|
db.SetMaxOpenConns(maxParInt)
|
2016-01-20 17:47:54 +00:00
|
|
|
|
2016-01-21 01:52:49 +00:00
|
|
|
// Determine if we should use an upsert function (versions < 9.5)
|
|
|
|
var upsert_required bool
|
2018-02-16 17:52:34 +00:00
|
|
|
upsert_required_query := "SELECT current_setting('server_version_num')::int < 90500"
|
2016-01-21 01:52:49 +00:00
|
|
|
if err := db.QueryRow(upsert_required_query).Scan(&upsert_required); err != nil {
|
|
|
|
return nil, fmt.Errorf("failed to check for native upsert: %v", err)
|
|
|
|
}
|
2016-01-20 17:47:54 +00:00
|
|
|
|
2016-01-22 16:47:02 +00:00
|
|
|
// Setup our put strategy based on the presence or absence of a native
|
2016-01-23 00:15:10 +00:00
|
|
|
// upsert.
|
2016-05-26 23:07:21 +00:00
|
|
|
var put_query string
|
2016-01-21 01:52:49 +00:00
|
|
|
if upsert_required {
|
2016-05-26 23:07:21 +00:00
|
|
|
put_query = "SELECT vault_kv_put($1, $2, $3, $4)"
|
2016-01-21 01:52:49 +00:00
|
|
|
} else {
|
2016-05-26 23:07:21 +00:00
|
|
|
put_query = "INSERT INTO " + quoted_table + " VALUES($1, $2, $3, $4)" +
|
2016-01-29 20:47:10 +00:00
|
|
|
" ON CONFLICT (path, key) DO " +
|
|
|
|
" UPDATE SET (parent_path, path, key, value) = ($1, $2, $3, $4)"
|
2016-01-20 00:00:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Setup the backend.
|
|
|
|
m := &PostgreSQLBackend{
|
2016-05-26 23:07:21 +00:00
|
|
|
table: quoted_table,
|
|
|
|
client: db,
|
|
|
|
put_query: put_query,
|
|
|
|
get_query: "SELECT value FROM " + quoted_table + " WHERE path = $1 AND key = $2",
|
|
|
|
delete_query: "DELETE FROM " + quoted_table + " WHERE path = $1 AND key = $2",
|
2016-08-19 20:48:32 +00:00
|
|
|
list_query: "SELECT key FROM " + quoted_table + " WHERE path = $1" +
|
2017-02-17 14:14:11 +00:00
|
|
|
"UNION SELECT DISTINCT substring(substr(path, length($1)+1) from '^.*?/') FROM " +
|
2017-07-02 22:56:18 +00:00
|
|
|
quoted_table + " WHERE parent_path LIKE $1 || '%'",
|
2017-07-17 17:04:49 +00:00
|
|
|
logger: logger,
|
2017-08-03 17:24:27 +00:00
|
|
|
permitPool: physical.NewPermitPool(maxParInt),
|
2016-01-20 00:00:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return m, nil
|
|
|
|
}
|
|
|
|
|
2016-01-29 20:47:10 +00:00
|
|
|
// splitKey is a helper to split a full path key into individual
|
|
|
|
// parts: parentPath, path, key
|
|
|
|
func (m *PostgreSQLBackend) splitKey(fullPath string) (string, string, string) {
|
|
|
|
var parentPath string
|
|
|
|
var path string
|
|
|
|
|
|
|
|
pieces := strings.Split(fullPath, "/")
|
2016-04-24 00:16:00 +00:00
|
|
|
depth := len(pieces)
|
|
|
|
key := pieces[depth-1]
|
|
|
|
|
2016-01-29 20:47:10 +00:00
|
|
|
if depth == 1 {
|
|
|
|
parentPath = ""
|
2016-04-24 00:16:00 +00:00
|
|
|
path = "/"
|
2016-01-29 20:47:10 +00:00
|
|
|
} else if depth == 2 {
|
|
|
|
parentPath = "/"
|
2016-04-24 00:16:00 +00:00
|
|
|
path = "/" + pieces[0] + "/"
|
2016-01-29 20:47:10 +00:00
|
|
|
} else {
|
|
|
|
parentPath = "/" + strings.Join(pieces[:depth-2], "/") + "/"
|
2016-04-24 00:16:00 +00:00
|
|
|
path = "/" + strings.Join(pieces[:depth-1], "/") + "/"
|
2016-01-29 20:47:10 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return parentPath, path, key
|
|
|
|
}
|
|
|
|
|
2016-01-20 00:00:09 +00:00
|
|
|
// Put is used to insert or update an entry.
|
2018-01-19 06:44:44 +00:00
|
|
|
func (m *PostgreSQLBackend) Put(ctx context.Context, entry *physical.Entry) error {
|
2016-01-20 00:00:09 +00:00
|
|
|
defer metrics.MeasureSince([]string{"postgres", "put"}, time.Now())
|
|
|
|
|
2017-07-17 17:04:49 +00:00
|
|
|
m.permitPool.Acquire()
|
|
|
|
defer m.permitPool.Release()
|
|
|
|
|
2016-01-29 20:47:10 +00:00
|
|
|
parentPath, path, key := m.splitKey(entry.Key)
|
|
|
|
|
2016-05-26 23:07:21 +00:00
|
|
|
_, err := m.client.Exec(m.put_query, parentPath, path, key, entry.Value)
|
2016-01-20 00:00:09 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get is used to fetch and entry.
|
2018-01-19 06:44:44 +00:00
|
|
|
func (m *PostgreSQLBackend) Get(ctx context.Context, fullPath string) (*physical.Entry, error) {
|
2016-01-20 00:00:09 +00:00
|
|
|
defer metrics.MeasureSince([]string{"postgres", "get"}, time.Now())
|
|
|
|
|
2017-07-17 17:04:49 +00:00
|
|
|
m.permitPool.Acquire()
|
|
|
|
defer m.permitPool.Release()
|
|
|
|
|
2016-01-29 20:47:10 +00:00
|
|
|
_, path, key := m.splitKey(fullPath)
|
|
|
|
|
2016-01-20 00:00:09 +00:00
|
|
|
var result []byte
|
2016-05-26 23:07:21 +00:00
|
|
|
err := m.client.QueryRow(m.get_query, path, key).Scan(&result)
|
2016-01-20 00:00:09 +00:00
|
|
|
if err == sql.ErrNoRows {
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2017-08-03 17:24:27 +00:00
|
|
|
ent := &physical.Entry{
|
2016-01-20 00:00:09 +00:00
|
|
|
Key: key,
|
|
|
|
Value: result,
|
|
|
|
}
|
|
|
|
return ent, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Delete is used to permanently delete an entry
|
2018-01-19 06:44:44 +00:00
|
|
|
func (m *PostgreSQLBackend) Delete(ctx context.Context, fullPath string) error {
|
2016-01-20 00:00:09 +00:00
|
|
|
defer metrics.MeasureSince([]string{"postgres", "delete"}, time.Now())
|
|
|
|
|
2017-07-17 17:04:49 +00:00
|
|
|
m.permitPool.Acquire()
|
|
|
|
defer m.permitPool.Release()
|
|
|
|
|
2016-01-29 20:47:10 +00:00
|
|
|
_, path, key := m.splitKey(fullPath)
|
|
|
|
|
2016-05-26 23:07:21 +00:00
|
|
|
_, err := m.client.Exec(m.delete_query, path, key)
|
2016-01-20 00:00:09 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// List is used to list all the keys under a given
|
|
|
|
// prefix, up to the next prefix.
|
2018-01-19 06:44:44 +00:00
|
|
|
func (m *PostgreSQLBackend) List(ctx context.Context, prefix string) ([]string, error) {
|
2016-01-20 00:00:09 +00:00
|
|
|
defer metrics.MeasureSince([]string{"postgres", "list"}, time.Now())
|
|
|
|
|
2017-07-17 17:04:49 +00:00
|
|
|
m.permitPool.Acquire()
|
|
|
|
defer m.permitPool.Release()
|
|
|
|
|
2016-08-19 20:48:32 +00:00
|
|
|
rows, err := m.client.Query(m.list_query, "/"+prefix)
|
2016-01-21 00:02:23 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
defer rows.Close()
|
2016-01-20 00:00:09 +00:00
|
|
|
|
|
|
|
var keys []string
|
|
|
|
for rows.Next() {
|
|
|
|
var key string
|
|
|
|
err = rows.Scan(&key)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("failed to scan rows: %v", err)
|
|
|
|
}
|
|
|
|
|
2016-01-29 20:47:10 +00:00
|
|
|
keys = append(keys, key)
|
2016-01-20 00:00:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return keys, nil
|
|
|
|
}
|