open-vault/plugins/database/mongodb/connection_producer.go

package mongodb

import (
	"context"
	"crypto/tls"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net"
	"net/url"
	"strconv"
	"strings"
	"sync"
	"time"

	"github.com/hashicorp/vault/plugins/helper/database/connutil"
	"github.com/mitchellh/mapstructure"

	"gopkg.in/mgo.v2"
)

// mongoDBConnectionProducer implements ConnectionProducer and provides an
// interface for databases to make connections.
type mongoDBConnectionProducer struct {
	ConnectionURL string `json:"connection_url" structs:"connection_url" mapstructure:"connection_url"`
	WriteConcern  string `json:"write_concern" structs:"write_concern" mapstructure:"write_concern"`

	Initialized bool
	Type        string
	session     *mgo.Session
	safe        *mgo.Safe
	sync.Mutex
}

// Initialize parses connection configuration.
func (c *mongoDBConnectionProducer) Initialize(ctx context.Context, conf map[string]interface{}, verifyConnection bool) error {
	c.Lock()
	defer c.Unlock()

	err := mapstructure.WeakDecode(conf, c)
	if err != nil {
		return err
	}

	if len(c.ConnectionURL) == 0 {
		return fmt.Errorf("connection_url cannot be empty")
	}

	if c.WriteConcern != "" {
		input := c.WriteConcern

		// Try to base64 decode the input. If successful, consider the decoded
		// value as input.
		inputBytes, err := base64.StdEncoding.DecodeString(input)
		if err == nil {
			input = string(inputBytes)
		}

		concern := &mgo.Safe{}
		err = json.Unmarshal([]byte(input), concern)
		if err != nil {
			return fmt.Errorf("error mashalling write_concern: %s", err)
		}

		// Guard against empty, non-nil mgo.Safe object; we don't want to pass that
		// into mgo.SetSafe in Connection().
		if (mgo.Safe{} == *concern) {
			return fmt.Errorf("provided write_concern values did not map to any mgo.Safe fields")
		}
		c.safe = concern
	}

	// Set initialized to true at this point since all fields are set,
	// and the connection can be established at a later time.
	c.Initialized = true

	if verifyConnection {
		if _, err := c.Connection(ctx); err != nil {
			return fmt.Errorf("error verifying connection: %s", err)
		}

		if err := c.session.Ping(); err != nil {
			return fmt.Errorf("error verifying connection: %s", err)
		}
	}

	return nil
}

// Connection creates or returns an exisitng a database connection. If the session fails
// on a ping check, the session will be closed and then re-created.
func (c *mongoDBConnectionProducer) Connection(_ context.Context) (interface{}, error) {
	if !c.Initialized {
		return nil, connutil.ErrNotInitialized
	}

	if c.session != nil {
		if err := c.session.Ping(); err == nil {
			return c.session, nil
		}
		c.session.Close()
	}

	dialInfo, err := parseMongoURL(c.ConnectionURL)
	if err != nil {
		return nil, err
	}

	c.session, err = mgo.DialWithInfo(dialInfo)
	if err != nil {
		return nil, err
	}

	if c.safe != nil {
		c.session.SetSafe(c.safe)
	}

	c.session.SetSyncTimeout(1 * time.Minute)
	c.session.SetSocketTimeout(1 * time.Minute)

	return c.session, nil
}

// Close terminates the database connection.
func (c *mongoDBConnectionProducer) Close() error {
	c.Lock()
	defer c.Unlock()

	if c.session != nil {
		c.session.Close()
	}

	c.session = nil

	return nil
}

func parseMongoURL(rawURL string) (*mgo.DialInfo, error) {
	url, err := url.Parse(rawURL)
	if err != nil {
		return nil, err
	}

	info := mgo.DialInfo{
		Addrs:    strings.Split(url.Host, ","),
		Database: strings.TrimPrefix(url.Path, "/"),
		Timeout:  10 * time.Second,
	}

	if url.User != nil {
		info.Username = url.User.Username()
		info.Password, _ = url.User.Password()
	}

	query := url.Query()
	for key, values := range query {
		var value string
		if len(values) > 0 {
			value = values[0]
		}

		switch key {
		case "authSource":
			info.Source = value
		case "authMechanism":
			info.Mechanism = value
		case "gssapiServiceName":
			info.Service = value
		case "replicaSet":
			info.ReplicaSetName = value
		case "maxPoolSize":
			poolLimit, err := strconv.Atoi(value)
			if err != nil {
				return nil, errors.New("bad value for maxPoolSize: " + value)
			}
			info.PoolLimit = poolLimit
		case "ssl":
			// Unfortunately, mgo doesn't support the ssl parameter in its MongoDB URI parsing logic, so we have to handle that
			// ourselves. See https://github.com/go-mgo/mgo/issues/84
			ssl, err := strconv.ParseBool(value)
			if err != nil {
				return nil, errors.New("bad value for ssl: " + value)
			}
			if ssl {
				info.DialServer = func(addr *mgo.ServerAddr) (net.Conn, error) {
					return tls.Dial("tcp", addr.String(), &tls.Config{})
				}
			}
		case "connect":
			if value == "direct" {
				info.Direct = true
				break
			}
			if value == "replicaSet" {
				break
			}
			fallthrough
		default:
			return nil, errors.New("unsupported connection URL option: " + key + "=" + value)
		}
	}

	return &info, nil
}
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs 2017-05-11 21:38:54 +00:00			`package mongodb`

			`import (`
Database gRPC plugins (#3666) * Start work on context aware backends * Start work on moving the database plugins to gRPC in order to pass context * Add context to builtin database plugins * use byte slice instead of string * Context all the things * Move proto messages to the dbplugin package * Add a grpc mechanism for running backend plugins * Serve the GRPC plugin * Add backwards compatibility to the database plugins * Remove backend plugin changes * Remove backend plugin changes * Cleanup the transport implementations * If grpc connection is in an unexpected state restart the plugin * Fix tests * Fix tests * Remove context from the request object, replace it with context.TODO * Add a test to verify netRPC plugins still work * Remove unused mapstructure call * Code review fixes * Code review fixes * Code review fixes 2017-12-14 22:03:11 +00:00			`"context"`
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs 2017-05-11 21:38:54 +00:00			`"crypto/tls"`
Support MongoDB session-wide write concern (#3646) * Initial work on write concern support, set for the lifetime of the session * Add base64 encoded value support, include docs and tests * Handle error from json.Unmarshal, fix test and docs * Remove writeConcern struct, move JSON unmarshal to Initialize * Return error on empty mapping of write_concern into mgo.Safe struct 2017-12-05 20:31:01 +00:00			`"encoding/base64"`
			`"encoding/json"`
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs 2017-05-11 21:38:54 +00:00			`"errors"`
			`"fmt"`
			`"net"`
			`"net/url"`
			`"strconv"`
			`"strings"`
			`"sync"`
			`"time"`

			`"github.com/hashicorp/vault/plugins/helper/database/connutil"`
			`"github.com/mitchellh/mapstructure"`

			`"gopkg.in/mgo.v2"`
			`)`

			`// mongoDBConnectionProducer implements ConnectionProducer and provides an`
			`// interface for databases to make connections.`
			`type mongoDBConnectionProducer struct {`
			ConnectionURL string `json:"connection_url" structs:"connection_url" mapstructure:"connection_url"`
Support MongoDB session-wide write concern (#3646) * Initial work on write concern support, set for the lifetime of the session * Add base64 encoded value support, include docs and tests * Handle error from json.Unmarshal, fix test and docs * Remove writeConcern struct, move JSON unmarshal to Initialize * Return error on empty mapping of write_concern into mgo.Safe struct 2017-12-05 20:31:01 +00:00			WriteConcern string `json:"write_concern" structs:"write_concern" mapstructure:"write_concern"`
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs 2017-05-11 21:38:54 +00:00
			`Initialized bool`
			`Type string`
			`session *mgo.Session`
Support MongoDB session-wide write concern (#3646) * Initial work on write concern support, set for the lifetime of the session * Add base64 encoded value support, include docs and tests * Handle error from json.Unmarshal, fix test and docs * Remove writeConcern struct, move JSON unmarshal to Initialize * Return error on empty mapping of write_concern into mgo.Safe struct 2017-12-05 20:31:01 +00:00			`safe *mgo.Safe`
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs 2017-05-11 21:38:54 +00:00			`sync.Mutex`
			`}`

			`// Initialize parses connection configuration.`
Database gRPC plugins (#3666) * Start work on context aware backends * Start work on moving the database plugins to gRPC in order to pass context * Add context to builtin database plugins * use byte slice instead of string * Context all the things * Move proto messages to the dbplugin package * Add a grpc mechanism for running backend plugins * Serve the GRPC plugin * Add backwards compatibility to the database plugins * Remove backend plugin changes * Remove backend plugin changes * Cleanup the transport implementations * If grpc connection is in an unexpected state restart the plugin * Fix tests * Fix tests * Remove context from the request object, replace it with context.TODO * Add a test to verify netRPC plugins still work * Remove unused mapstructure call * Code review fixes * Code review fixes * Code review fixes 2017-12-14 22:03:11 +00:00			`func (c *mongoDBConnectionProducer) Initialize(ctx context.Context, conf map[string]interface{}, verifyConnection bool) error {`
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs 2017-05-11 21:38:54 +00:00			`c.Lock()`
			`defer c.Unlock()`

Use WeakDecode to decode the initialize values (#2871) 2017-06-15 01:59:27 +00:00			`err := mapstructure.WeakDecode(conf, c)`
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs 2017-05-11 21:38:54 +00:00			`if err != nil {`
			`return err`
			`}`

			`if len(c.ConnectionURL) == 0 {`
			`return fmt.Errorf("connection_url cannot be empty")`
			`}`

Support MongoDB session-wide write concern (#3646) * Initial work on write concern support, set for the lifetime of the session * Add base64 encoded value support, include docs and tests * Handle error from json.Unmarshal, fix test and docs * Remove writeConcern struct, move JSON unmarshal to Initialize * Return error on empty mapping of write_concern into mgo.Safe struct 2017-12-05 20:31:01 +00:00			`if c.WriteConcern != "" {`
			`input := c.WriteConcern`

			`// Try to base64 decode the input. If successful, consider the decoded`
			`// value as input.`
			`inputBytes, err := base64.StdEncoding.DecodeString(input)`
			`if err == nil {`
			`input = string(inputBytes)`
			`}`

			`concern := &mgo.Safe{}`
			`err = json.Unmarshal([]byte(input), concern)`
			`if err != nil {`
			`return fmt.Errorf("error mashalling write_concern: %s", err)`
			`}`

			`// Guard against empty, non-nil mgo.Safe object; we don't want to pass that`
			`// into mgo.SetSafe in Connection().`
			`if (mgo.Safe{} == *concern) {`
			`return fmt.Errorf("provided write_concern values did not map to any mgo.Safe fields")`
			`}`
			`c.safe = concern`
			`}`

Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs 2017-05-11 21:38:54 +00:00			`// Set initialized to true at this point since all fields are set,`
			`// and the connection can be established at a later time.`
			`c.Initialized = true`

			`if verifyConnection {`
Database gRPC plugins (#3666) * Start work on context aware backends * Start work on moving the database plugins to gRPC in order to pass context * Add context to builtin database plugins * use byte slice instead of string * Context all the things * Move proto messages to the dbplugin package * Add a grpc mechanism for running backend plugins * Serve the GRPC plugin * Add backwards compatibility to the database plugins * Remove backend plugin changes * Remove backend plugin changes * Cleanup the transport implementations * If grpc connection is in an unexpected state restart the plugin * Fix tests * Fix tests * Remove context from the request object, replace it with context.TODO * Add a test to verify netRPC plugins still work * Remove unused mapstructure call * Code review fixes * Code review fixes * Code review fixes 2017-12-14 22:03:11 +00:00			`if _, err := c.Connection(ctx); err != nil {`
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs 2017-05-11 21:38:54 +00:00			`return fmt.Errorf("error verifying connection: %s", err)`
			`}`

			`if err := c.session.Ping(); err != nil {`
			`return fmt.Errorf("error verifying connection: %s", err)`
			`}`
			`}`

			`return nil`
			`}`

CreateUser deadlock fix (#3761) * Unlock the lock on CreateUser for Close call * Let getConnection handle session reset, return c.session on Connection 2018-01-08 17:42:05 +00:00			`// Connection creates or returns an exisitng a database connection. If the session fails`
			`// on a ping check, the session will be closed and then re-created.`
Database gRPC plugins (#3666) * Start work on context aware backends * Start work on moving the database plugins to gRPC in order to pass context * Add context to builtin database plugins * use byte slice instead of string * Context all the things * Move proto messages to the dbplugin package * Add a grpc mechanism for running backend plugins * Serve the GRPC plugin * Add backwards compatibility to the database plugins * Remove backend plugin changes * Remove backend plugin changes * Cleanup the transport implementations * If grpc connection is in an unexpected state restart the plugin * Fix tests * Fix tests * Remove context from the request object, replace it with context.TODO * Add a test to verify netRPC plugins still work * Remove unused mapstructure call * Code review fixes * Code review fixes * Code review fixes 2017-12-14 22:03:11 +00:00			`func (c *mongoDBConnectionProducer) Connection(_ context.Context) (interface{}, error) {`
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs 2017-05-11 21:38:54 +00:00			`if !c.Initialized {`
			`return nil, connutil.ErrNotInitialized`
			`}`

			`if c.session != nil {`
Ping the mongo session when the connection is retrieved. This was in the deprecated backend where it fixed a similar issue a long time ago but for some reason didn't make it over. Additionally the function wasn't being locked properly. Hopefully fixes #2973 2017-12-19 15:11:04 +00:00			`if err := c.session.Ping(); err == nil {`
			`return c.session, nil`
			`}`
			`c.session.Close()`
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs 2017-05-11 21:38:54 +00:00			`}`

			`dialInfo, err := parseMongoURL(c.ConnectionURL)`
			`if err != nil {`
			`return nil, err`
			`}`

			`c.session, err = mgo.DialWithInfo(dialInfo)`
			`if err != nil {`
			`return nil, err`
			`}`
Support MongoDB session-wide write concern (#3646) * Initial work on write concern support, set for the lifetime of the session * Add base64 encoded value support, include docs and tests * Handle error from json.Unmarshal, fix test and docs * Remove writeConcern struct, move JSON unmarshal to Initialize * Return error on empty mapping of write_concern into mgo.Safe struct 2017-12-05 20:31:01 +00:00
			`if c.safe != nil {`
			`c.session.SetSafe(c.safe)`
			`}`

Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs 2017-05-11 21:38:54 +00:00			`c.session.SetSyncTimeout(1 * time.Minute)`
			`c.session.SetSocketTimeout(1 * time.Minute)`

CreateUser deadlock fix (#3761) * Unlock the lock on CreateUser for Close call * Let getConnection handle session reset, return c.session on Connection 2018-01-08 17:42:05 +00:00			`return c.session, nil`
Mongodb plugin (#2698) * WIP on mongodb plugin * Add mongodb plugin * Add tests * Update mongodb.CreateUser() comment * Update docs * Add missing docs * Fix mongodb docs * Minor comment and test updates * Fix imports * Fix dockertest import * Set c.Initialized at the end, check for empty CreationStmts first on CreateUser * Remove Initialized check on Connection() * Add back Initialized check * Update docs * Move connProducer and credsProducer into pkg for mongodb and cassandra * Chage parseMongoURL to be a private func * Default to admin if no db is provided in creation_statements * Update comments and docs 2017-05-11 21:38:54 +00:00			`}`

			`// Close terminates the database connection.`
			`func (c *mongoDBConnectionProducer) Close() error {`
			`c.Lock()`
			`defer c.Unlock()`

			`if c.session != nil {`
			`c.session.Close()`
			`}`

			`c.session = nil`

			`return nil`
			`}`

			`func parseMongoURL(rawURL string) (*mgo.DialInfo, error) {`
			`url, err := url.Parse(rawURL)`
			`if err != nil {`
			`return nil, err`
			`}`

			`info := mgo.DialInfo{`
			`Addrs: strings.Split(url.Host, ","),`
			`Database: strings.TrimPrefix(url.Path, "/"),`
			`Timeout: 10 * time.Second,`
			`}`

			`if url.User != nil {`
			`info.Username = url.User.Username()`
			`info.Password, _ = url.User.Password()`
			`}`

			`query := url.Query()`
			`for key, values := range query {`
			`var value string`
			`if len(values) > 0 {`
			`value = values[0]`
			`}`

			`switch key {`
			`case "authSource":`
			`info.Source = value`
			`case "authMechanism":`
			`info.Mechanism = value`
			`case "gssapiServiceName":`
			`info.Service = value`
			`case "replicaSet":`
			`info.ReplicaSetName = value`
			`case "maxPoolSize":`
			`poolLimit, err := strconv.Atoi(value)`
			`if err != nil {`
			`return nil, errors.New("bad value for maxPoolSize: " + value)`
			`}`
			`info.PoolLimit = poolLimit`
			`case "ssl":`
			`// Unfortunately, mgo doesn't support the ssl parameter in its MongoDB URI parsing logic, so we have to handle that`
			`// ourselves. See https://github.com/go-mgo/mgo/issues/84`
			`ssl, err := strconv.ParseBool(value)`
			`if err != nil {`
			`return nil, errors.New("bad value for ssl: " + value)`
			`}`
			`if ssl {`
			`info.DialServer = func(addr *mgo.ServerAddr) (net.Conn, error) {`
			`return tls.Dial("tcp", addr.String(), &tls.Config{})`
			`}`
			`}`
			`case "connect":`
			`if value == "direct" {`
			`info.Direct = true`
			`break`
			`}`
			`if value == "replicaSet" {`
			`break`
			`}`
			`fallthrough`
			`default:`
			`return nil, errors.New("unsupported connection URL option: " + key + "=" + value)`
			`}`
			`}`

			`return &info, nil`
			`}`