28e3eb9e2c
* package api * package builtin/credential * package builtin/logical * package command * package helper * package http and logical * package physical * package shamir * package vault * package vault * address feedback * more fixes
223 lines
5.2 KiB
Go
223 lines
5.2 KiB
Go
package swift
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"os"
|
|
"sort"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
|
|
log "github.com/hashicorp/go-hclog"
|
|
|
|
"github.com/armon/go-metrics"
|
|
"github.com/hashicorp/errwrap"
|
|
"github.com/hashicorp/go-cleanhttp"
|
|
"github.com/hashicorp/vault/helper/strutil"
|
|
"github.com/hashicorp/vault/physical"
|
|
"github.com/ncw/swift"
|
|
)
|
|
|
|
// Verify SwiftBackend satisfies the correct interfaces
|
|
var _ physical.Backend = (*SwiftBackend)(nil)
|
|
|
|
// SwiftBackend is a physical backend that stores data
|
|
// within an OpenStack Swift container.
|
|
type SwiftBackend struct {
|
|
container string
|
|
client *swift.Connection
|
|
logger log.Logger
|
|
permitPool *physical.PermitPool
|
|
}
|
|
|
|
// NewSwiftBackend constructs a Swift backend using a pre-existing
|
|
// container. Credentials can be provided to the backend, sourced
|
|
// from the environment.
|
|
func NewSwiftBackend(conf map[string]string, logger log.Logger) (physical.Backend, error) {
|
|
var ok bool
|
|
|
|
username := os.Getenv("OS_USERNAME")
|
|
if username == "" {
|
|
username = conf["username"]
|
|
if username == "" {
|
|
return nil, fmt.Errorf("missing username")
|
|
}
|
|
}
|
|
password := os.Getenv("OS_PASSWORD")
|
|
if password == "" {
|
|
password = conf["password"]
|
|
if password == "" {
|
|
return nil, fmt.Errorf("missing password")
|
|
}
|
|
}
|
|
authUrl := os.Getenv("OS_AUTH_URL")
|
|
if authUrl == "" {
|
|
authUrl = conf["auth_url"]
|
|
if authUrl == "" {
|
|
return nil, fmt.Errorf("missing auth_url")
|
|
}
|
|
}
|
|
container := os.Getenv("OS_CONTAINER")
|
|
if container == "" {
|
|
container = conf["container"]
|
|
if container == "" {
|
|
return nil, fmt.Errorf("missing container")
|
|
}
|
|
}
|
|
project := os.Getenv("OS_PROJECT_NAME")
|
|
if project == "" {
|
|
if project, ok = conf["project"]; !ok {
|
|
// Check for KeyStone naming prior to V3
|
|
project = os.Getenv("OS_TENANT_NAME")
|
|
if project == "" {
|
|
project = conf["tenant"]
|
|
}
|
|
}
|
|
}
|
|
|
|
domain := os.Getenv("OS_USER_DOMAIN_NAME")
|
|
if domain == "" {
|
|
domain = conf["domain"]
|
|
}
|
|
projectDomain := os.Getenv("OS_PROJECT_DOMAIN_NAME")
|
|
if projectDomain == "" {
|
|
projectDomain = conf["project-domain"]
|
|
}
|
|
|
|
c := swift.Connection{
|
|
Domain: domain,
|
|
UserName: username,
|
|
ApiKey: password,
|
|
AuthUrl: authUrl,
|
|
Tenant: project,
|
|
TenantDomain: projectDomain,
|
|
Transport: cleanhttp.DefaultPooledTransport(),
|
|
}
|
|
|
|
err := c.Authenticate()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
_, _, err = c.Container(container)
|
|
if err != nil {
|
|
return nil, errwrap.Wrapf(fmt.Sprintf("Unable to access container %q: {{err}}", container), err)
|
|
}
|
|
|
|
maxParStr, ok := conf["max_parallel"]
|
|
var maxParInt int
|
|
if ok {
|
|
maxParInt, err = strconv.Atoi(maxParStr)
|
|
if err != nil {
|
|
return nil, errwrap.Wrapf("failed parsing max_parallel parameter: {{err}}", err)
|
|
}
|
|
if logger.IsDebug() {
|
|
logger.Debug("max_parallel set", "max_parallel", maxParInt)
|
|
}
|
|
}
|
|
|
|
s := &SwiftBackend{
|
|
client: &c,
|
|
container: container,
|
|
logger: logger,
|
|
permitPool: physical.NewPermitPool(maxParInt),
|
|
}
|
|
return s, nil
|
|
}
|
|
|
|
// Put is used to insert or update an entry
|
|
func (s *SwiftBackend) Put(ctx context.Context, entry *physical.Entry) error {
|
|
defer metrics.MeasureSince([]string{"swift", "put"}, time.Now())
|
|
|
|
s.permitPool.Acquire()
|
|
defer s.permitPool.Release()
|
|
|
|
err := s.client.ObjectPutBytes(s.container, entry.Key, entry.Value, "")
|
|
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// Get is used to fetch an entry
|
|
func (s *SwiftBackend) Get(ctx context.Context, key string) (*physical.Entry, error) {
|
|
defer metrics.MeasureSince([]string{"swift", "get"}, time.Now())
|
|
|
|
s.permitPool.Acquire()
|
|
defer s.permitPool.Release()
|
|
|
|
//Do a list of names with the key first since eventual consistency means
|
|
//it might be deleted, but a node might return a read of bytes which fails
|
|
//the physical test
|
|
list, err := s.client.ObjectNames(s.container, &swift.ObjectsOpts{Prefix: key})
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if 0 == len(list) {
|
|
return nil, nil
|
|
}
|
|
data, err := s.client.ObjectGetBytes(s.container, key)
|
|
if err == swift.ObjectNotFound {
|
|
return nil, nil
|
|
}
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
ent := &physical.Entry{
|
|
Key: key,
|
|
Value: data,
|
|
}
|
|
|
|
return ent, nil
|
|
}
|
|
|
|
// Delete is used to permanently delete an entry
|
|
func (s *SwiftBackend) Delete(ctx context.Context, key string) error {
|
|
defer metrics.MeasureSince([]string{"swift", "delete"}, time.Now())
|
|
|
|
s.permitPool.Acquire()
|
|
defer s.permitPool.Release()
|
|
|
|
err := s.client.ObjectDelete(s.container, key)
|
|
|
|
if err != nil && err != swift.ObjectNotFound {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// List is used to list all the keys under a given
|
|
// prefix, up to the next prefix.
|
|
func (s *SwiftBackend) List(ctx context.Context, prefix string) ([]string, error) {
|
|
defer metrics.MeasureSince([]string{"swift", "list"}, time.Now())
|
|
|
|
s.permitPool.Acquire()
|
|
defer s.permitPool.Release()
|
|
|
|
list, err := s.client.ObjectNamesAll(s.container, &swift.ObjectsOpts{Prefix: prefix})
|
|
if nil != err {
|
|
return nil, err
|
|
}
|
|
|
|
keys := []string{}
|
|
for _, key := range list {
|
|
key := strings.TrimPrefix(key, prefix)
|
|
|
|
if i := strings.Index(key, "/"); i == -1 {
|
|
// Add objects only from the current 'folder'
|
|
keys = append(keys, key)
|
|
} else if i != -1 {
|
|
// Add truncated 'folder' paths
|
|
keys = strutil.AppendIfMissing(keys, key[:i+1])
|
|
}
|
|
}
|
|
|
|
sort.Strings(keys)
|
|
|
|
return keys, nil
|
|
}
|