open-vault/plugins/database/cassandra/cassandra.go

package cassandra

import (
	"strings"
	"time"

	"github.com/gocql/gocql"
	multierror "github.com/hashicorp/go-multierror"
	"github.com/hashicorp/vault/api"
	"github.com/hashicorp/vault/builtin/logical/database/dbplugin"
	"github.com/hashicorp/vault/helper/strutil"
	"github.com/hashicorp/vault/plugins"
	"github.com/hashicorp/vault/plugins/helper/database/connutil"
	"github.com/hashicorp/vault/plugins/helper/database/credsutil"
	"github.com/hashicorp/vault/plugins/helper/database/dbutil"
)

const (
	defaultUserCreationCQL = `CREATE USER '{{username}}' WITH PASSWORD '{{password}}' NOSUPERUSER;`
	defaultUserDeletionCQL = `DROP USER '{{username}}';`
	cassandraTypeName      = "cassandra"
)

// Cassandra is an implementation of Database interface
type Cassandra struct {
	connutil.ConnectionProducer
	credsutil.CredentialsProducer
}

// New returns a new Cassandra instance
func New() (interface{}, error) {
	connProducer := &connutil.CassandraConnectionProducer{}
	connProducer.Type = cassandraTypeName

	credsProducer := &credsutil.CassandraCredentialsProducer{}

	dbType := &Cassandra{
		ConnectionProducer:  connProducer,
		CredentialsProducer: credsProducer,
	}

	return dbType, nil
}

// Run instantiates a Cassandra object, and runs the RPC server for the plugin
func Run(apiTLSConfig *api.TLSConfig) error {
	dbType, err := New()
	if err != nil {
		return err
	}

	plugins.Serve(dbType.(*Cassandra), apiTLSConfig)

	return nil
}

// Type returns the TypeName for this backend
func (c *Cassandra) Type() (string, error) {
	return cassandraTypeName, nil
}

func (c *Cassandra) getConnection() (*gocql.Session, error) {
	session, err := c.Connection()
	if err != nil {
		return nil, err
	}

	return session.(*gocql.Session), nil
}

// CreateUser generates the username/password on the underlying Cassandra secret backend as instructed by
// the CreationStatement provided.
func (c *Cassandra) CreateUser(statements dbplugin.Statements, usernamePrefix string, expiration time.Time) (username string, password string, err error) {
	// Grab the lock
	c.Lock()
	defer c.Unlock()

	// Get the connection
	session, err := c.getConnection()
	if err != nil {
		return "", "", err
	}

	creationCQL := statements.CreationStatements
	if creationCQL == "" {
		creationCQL = defaultUserCreationCQL
	}
	rollbackCQL := statements.RollbackStatements
	if rollbackCQL == "" {
		rollbackCQL = defaultUserDeletionCQL
	}

	username, err = c.GenerateUsername(usernamePrefix)
	if err != nil {
		return "", "", err
	}

	password, err = c.GeneratePassword()
	if err != nil {
		return "", "", err
	}

	// Execute each query
	for _, query := range strutil.ParseArbitraryStringSlice(creationCQL, ";") {
		query = strings.TrimSpace(query)
		if len(query) == 0 {
			continue
		}

		err = session.Query(dbutil.QueryHelper(query, map[string]string{
			"username": username,
			"password": password,
		})).Exec()
		if err != nil {
			for _, query := range strutil.ParseArbitraryStringSlice(rollbackCQL, ";") {
				query = strings.TrimSpace(query)
				if len(query) == 0 {
					continue
				}

				session.Query(dbutil.QueryHelper(query, map[string]string{
					"username": username,
				})).Exec()
			}
			return "", "", err
		}
	}

	return username, password, nil
}

// RenewUser is not supported on Cassandra, so this is a no-op.
func (c *Cassandra) RenewUser(statements dbplugin.Statements, username string, expiration time.Time) error {
	// NOOP
	return nil
}

// RevokeUser attempts to drop the specified user.
func (c *Cassandra) RevokeUser(statements dbplugin.Statements, username string) error {
	// Grab the lock
	c.Lock()
	defer c.Unlock()

	session, err := c.getConnection()
	if err != nil {
		return err
	}

	revocationCQL := statements.RevocationStatements
	if revocationCQL == "" {
		revocationCQL = defaultUserDeletionCQL
	}

	var result *multierror.Error
	for _, query := range strutil.ParseArbitraryStringSlice(revocationCQL, ";") {
		query = strings.TrimSpace(query)
		if len(query) == 0 {
			continue
		}

		err := session.Query(dbutil.QueryHelper(query, map[string]string{
			"username": username,
		})).Exec()

		result = multierror.Append(result, err)
	}

	return result.ErrorOrNil()
}
Add cassandra plugin 2017-04-23 01:02:57 +00:00			`package cassandra`

			`import (`
			`"strings"`
			`"time"`

			`"github.com/gocql/gocql"`
Honor statements for RevokeUser on Cassandra backend, add method comments 2017-05-01 15:27:35 +00:00			`multierror "github.com/hashicorp/go-multierror"`
Update the api for serving plugins and provide a utility to pass TLS data for commuinicating with the vault process 2017-05-02 21:40:11 +00:00			`"github.com/hashicorp/vault/api"`
Add cassandra plugin 2017-04-23 01:02:57 +00:00			`"github.com/hashicorp/vault/builtin/logical/database/dbplugin"`
			`"github.com/hashicorp/vault/helper/strutil"`
Update the api for serving plugins and provide a utility to pass TLS data for commuinicating with the vault process 2017-05-02 21:40:11 +00:00			`"github.com/hashicorp/vault/plugins"`
Add cassandra plugin 2017-04-23 01:02:57 +00:00			`"github.com/hashicorp/vault/plugins/helper/database/connutil"`
			`"github.com/hashicorp/vault/plugins/helper/database/credsutil"`
			`"github.com/hashicorp/vault/plugins/helper/database/dbutil"`
			`)`

			`const (`
Honor statements for RevokeUser on Cassandra backend, add method comments 2017-05-01 15:27:35 +00:00			defaultUserCreationCQL = `CREATE USER '{{username}}' WITH PASSWORD '{{password}}' NOSUPERUSER;`
			defaultUserDeletionCQL = `DROP USER '{{username}}';`
			`cassandraTypeName = "cassandra"`
Add cassandra plugin 2017-04-23 01:02:57 +00:00			`)`

Honor statements for RevokeUser on Cassandra backend, add method comments 2017-05-01 15:27:35 +00:00			`// Cassandra is an implementation of Database interface`
Add cassandra plugin 2017-04-23 01:02:57 +00:00			`type Cassandra struct {`
			`connutil.ConnectionProducer`
			`credsutil.CredentialsProducer`
			`}`

Honor statements for RevokeUser on Cassandra backend, add method comments 2017-05-01 15:27:35 +00:00			`// New returns a new Cassandra instance`
Update New() func signature and its references 2017-04-27 15:07:52 +00:00			`func New() (interface{}, error) {`
Add cassandra plugin 2017-04-23 01:02:57 +00:00			`connProducer := &connutil.CassandraConnectionProducer{}`
			`connProducer.Type = cassandraTypeName`

			`credsProducer := &credsutil.CassandraCredentialsProducer{}`

			`dbType := &Cassandra{`
			`ConnectionProducer: connProducer,`
			`CredentialsProducer: credsProducer,`
			`}`

Update New() func signature and its references 2017-04-27 15:07:52 +00:00			`return dbType, nil`
Add cassandra plugin 2017-04-23 01:02:57 +00:00			`}`

Honor statements for RevokeUser on Cassandra backend, add method comments 2017-05-01 15:27:35 +00:00			`// Run instantiates a Cassandra object, and runs the RPC server for the plugin`
Update the api for serving plugins and provide a utility to pass TLS data for commuinicating with the vault process 2017-05-02 21:40:11 +00:00			`func Run(apiTLSConfig *api.TLSConfig) error {`
Update New() func signature and its references 2017-04-27 15:07:52 +00:00			`dbType, err := New()`
			`if err != nil {`
			`return err`
			`}`
Add cassandra plugin 2017-04-23 01:02:57 +00:00
Update the api for serving plugins and provide a utility to pass TLS data for commuinicating with the vault process 2017-05-02 21:40:11 +00:00			`plugins.Serve(dbType.(*Cassandra), apiTLSConfig)`
Add cassandra plugin 2017-04-23 01:02:57 +00:00
			`return nil`
			`}`

Honor statements for RevokeUser on Cassandra backend, add method comments 2017-05-01 15:27:35 +00:00			`// Type returns the TypeName for this backend`
Add cassandra plugin 2017-04-23 01:02:57 +00:00			`func (c *Cassandra) Type() (string, error) {`
			`return cassandraTypeName, nil`
			`}`

			`func (c Cassandra) getConnection() (gocql.Session, error) {`
			`session, err := c.Connection()`
			`if err != nil {`
			`return nil, err`
			`}`

			`return session.(*gocql.Session), nil`
			`}`

Honor statements for RevokeUser on Cassandra backend, add method comments 2017-05-01 15:27:35 +00:00			`// CreateUser generates the username/password on the underlying Cassandra secret backend as instructed by`
			`// the CreationStatement provided.`
Add cassandra plugin 2017-04-23 01:02:57 +00:00			`func (c *Cassandra) CreateUser(statements dbplugin.Statements, usernamePrefix string, expiration time.Time) (username string, password string, err error) {`
			`// Grab the lock`
			`c.Lock()`
			`defer c.Unlock()`

			`// Get the connection`
			`session, err := c.getConnection()`
			`if err != nil {`
			`return "", "", err`
			`}`

			`creationCQL := statements.CreationStatements`
			`if creationCQL == "" {`
Honor statements for RevokeUser on Cassandra backend, add method comments 2017-05-01 15:27:35 +00:00			`creationCQL = defaultUserCreationCQL`
Add cassandra plugin 2017-04-23 01:02:57 +00:00			`}`
			`rollbackCQL := statements.RollbackStatements`
			`if rollbackCQL == "" {`
Honor statements for RevokeUser on Cassandra backend, add method comments 2017-05-01 15:27:35 +00:00			`rollbackCQL = defaultUserDeletionCQL`
Add cassandra plugin 2017-04-23 01:02:57 +00:00			`}`

			`username, err = c.GenerateUsername(usernamePrefix)`
			`if err != nil {`
			`return "", "", err`
			`}`

			`password, err = c.GeneratePassword()`
			`if err != nil {`
			`return "", "", err`
			`}`

			`// Execute each query`
			`for _, query := range strutil.ParseArbitraryStringSlice(creationCQL, ";") {`
			`query = strings.TrimSpace(query)`
			`if len(query) == 0 {`
			`continue`
			`}`

			`err = session.Query(dbutil.QueryHelper(query, map[string]string{`
			`"username": username,`
			`"password": password,`
			`})).Exec()`
			`if err != nil {`
			`for _, query := range strutil.ParseArbitraryStringSlice(rollbackCQL, ";") {`
			`query = strings.TrimSpace(query)`
			`if len(query) == 0 {`
			`continue`
			`}`

			`session.Query(dbutil.QueryHelper(query, map[string]string{`
			`"username": username,`
			`})).Exec()`
			`}`
			`return "", "", err`
			`}`
			`}`

			`return username, password, nil`
			`}`

Honor statements for RevokeUser on Cassandra backend, add method comments 2017-05-01 15:27:35 +00:00			`// RenewUser is not supported on Cassandra, so this is a no-op.`
Add cassandra plugin 2017-04-23 01:02:57 +00:00			`func (c *Cassandra) RenewUser(statements dbplugin.Statements, username string, expiration time.Time) error {`
			`// NOOP`
			`return nil`
			`}`

Honor statements for RevokeUser on Cassandra backend, add method comments 2017-05-01 15:27:35 +00:00			`// RevokeUser attempts to drop the specified user.`
Add cassandra plugin 2017-04-23 01:02:57 +00:00			`func (c *Cassandra) RevokeUser(statements dbplugin.Statements, username string) error {`
			`// Grab the lock`
			`c.Lock()`
			`defer c.Unlock()`

			`session, err := c.getConnection()`
			`if err != nil {`
			`return err`
			`}`

Honor statements for RevokeUser on Cassandra backend, add method comments 2017-05-01 15:27:35 +00:00			`revocationCQL := statements.RevocationStatements`
			`if revocationCQL == "" {`
			`revocationCQL = defaultUserDeletionCQL`
Add cassandra plugin 2017-04-23 01:02:57 +00:00			`}`

Honor statements for RevokeUser on Cassandra backend, add method comments 2017-05-01 15:27:35 +00:00			`var result *multierror.Error`
			`for _, query := range strutil.ParseArbitraryStringSlice(revocationCQL, ";") {`
			`query = strings.TrimSpace(query)`
			`if len(query) == 0 {`
			`continue`
			`}`

			`err := session.Query(dbutil.QueryHelper(query, map[string]string{`
			`"username": username,`
			`})).Exec()`

			`result = multierror.Append(result, err)`
			`}`

			`return result.ErrorOrNil()`
Add cassandra plugin 2017-04-23 01:02:57 +00:00			`}`