open-vault/plugins/database/cassandra/cassandra.go

170 lines
4.1 KiB
Go
Raw Normal View History

2017-04-23 01:02:57 +00:00
package cassandra
import (
"strings"
"time"
"github.com/gocql/gocql"
multierror "github.com/hashicorp/go-multierror"
"github.com/hashicorp/vault/api"
2017-04-23 01:02:57 +00:00
"github.com/hashicorp/vault/builtin/logical/database/dbplugin"
"github.com/hashicorp/vault/helper/strutil"
"github.com/hashicorp/vault/plugins"
2017-04-23 01:02:57 +00:00
"github.com/hashicorp/vault/plugins/helper/database/connutil"
"github.com/hashicorp/vault/plugins/helper/database/credsutil"
"github.com/hashicorp/vault/plugins/helper/database/dbutil"
)
const (
defaultUserCreationCQL = `CREATE USER '{{username}}' WITH PASSWORD '{{password}}' NOSUPERUSER;`
defaultUserDeletionCQL = `DROP USER '{{username}}';`
cassandraTypeName = "cassandra"
2017-04-23 01:02:57 +00:00
)
// Cassandra is an implementation of Database interface
2017-04-23 01:02:57 +00:00
type Cassandra struct {
connutil.ConnectionProducer
credsutil.CredentialsProducer
}
// New returns a new Cassandra instance
func New() (interface{}, error) {
connProducer := &cassandraConnectionProducer{}
2017-04-23 01:02:57 +00:00
connProducer.Type = cassandraTypeName
credsProducer := &cassandraCredentialsProducer{}
2017-04-23 01:02:57 +00:00
dbType := &Cassandra{
ConnectionProducer: connProducer,
CredentialsProducer: credsProducer,
}
return dbType, nil
2017-04-23 01:02:57 +00:00
}
// Run instantiates a Cassandra object, and runs the RPC server for the plugin
func Run(apiTLSConfig *api.TLSConfig) error {
dbType, err := New()
if err != nil {
return err
}
2017-04-23 01:02:57 +00:00
plugins.Serve(dbType.(*Cassandra), apiTLSConfig)
2017-04-23 01:02:57 +00:00
return nil
}
// Type returns the TypeName for this backend
2017-04-23 01:02:57 +00:00
func (c *Cassandra) Type() (string, error) {
return cassandraTypeName, nil
}
func (c *Cassandra) getConnection() (*gocql.Session, error) {
session, err := c.Connection()
if err != nil {
return nil, err
}
return session.(*gocql.Session), nil
}
// CreateUser generates the username/password on the underlying Cassandra secret backend as instructed by
// the CreationStatement provided.
2017-04-23 01:02:57 +00:00
func (c *Cassandra) CreateUser(statements dbplugin.Statements, usernamePrefix string, expiration time.Time) (username string, password string, err error) {
// Grab the lock
c.Lock()
defer c.Unlock()
// Get the connection
session, err := c.getConnection()
if err != nil {
return "", "", err
}
creationCQL := statements.CreationStatements
if creationCQL == "" {
creationCQL = defaultUserCreationCQL
2017-04-23 01:02:57 +00:00
}
rollbackCQL := statements.RollbackStatements
if rollbackCQL == "" {
rollbackCQL = defaultUserDeletionCQL
2017-04-23 01:02:57 +00:00
}
username, err = c.GenerateUsername(usernamePrefix)
if err != nil {
return "", "", err
}
password, err = c.GeneratePassword()
if err != nil {
return "", "", err
}
// Execute each query
for _, query := range strutil.ParseArbitraryStringSlice(creationCQL, ";") {
query = strings.TrimSpace(query)
if len(query) == 0 {
continue
}
err = session.Query(dbutil.QueryHelper(query, map[string]string{
"username": username,
"password": password,
})).Exec()
if err != nil {
for _, query := range strutil.ParseArbitraryStringSlice(rollbackCQL, ";") {
query = strings.TrimSpace(query)
if len(query) == 0 {
continue
}
session.Query(dbutil.QueryHelper(query, map[string]string{
"username": username,
})).Exec()
}
return "", "", err
}
}
return username, password, nil
}
// RenewUser is not supported on Cassandra, so this is a no-op.
2017-04-23 01:02:57 +00:00
func (c *Cassandra) RenewUser(statements dbplugin.Statements, username string, expiration time.Time) error {
// NOOP
return nil
}
// RevokeUser attempts to drop the specified user.
2017-04-23 01:02:57 +00:00
func (c *Cassandra) RevokeUser(statements dbplugin.Statements, username string) error {
// Grab the lock
c.Lock()
defer c.Unlock()
session, err := c.getConnection()
if err != nil {
return err
}
revocationCQL := statements.RevocationStatements
if revocationCQL == "" {
revocationCQL = defaultUserDeletionCQL
2017-04-23 01:02:57 +00:00
}
var result *multierror.Error
for _, query := range strutil.ParseArbitraryStringSlice(revocationCQL, ";") {
query = strings.TrimSpace(query)
if len(query) == 0 {
continue
}
err := session.Query(dbutil.QueryHelper(query, map[string]string{
"username": username,
})).Exec()
result = multierror.Append(result, err)
}
return result.ErrorOrNil()
2017-04-23 01:02:57 +00:00
}