open-vault/physical/alicloudoss/alicloudoss.go
2019-04-12 17:54:35 -04:00

223 lines
5 KiB
Go

package alicloudoss
import (
"bytes"
"context"
"fmt"
"io"
"os"
"sort"
"strconv"
"strings"
"time"
"github.com/aliyun/aliyun-oss-go-sdk/oss"
metrics "github.com/armon/go-metrics"
"github.com/hashicorp/errwrap"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/sdk/physical"
)
// Verify AliCloudOSSBackend satisfies the correct interfaces
var _ physical.Backend = (*AliCloudOSSBackend)(nil)
// AliCloudOSSBackend is a physical backend that stores data
// within an Alibaba OSS bucket.
type AliCloudOSSBackend struct {
bucket string
client *oss.Client
logger log.Logger
permitPool *physical.PermitPool
}
// NewAliCloudOSSBackend constructs an OSS backend using a pre-existing
// bucket. Credentials can be provided to the backend, sourced
// from the environment.
func NewAliCloudOSSBackend(conf map[string]string, logger log.Logger) (physical.Backend, error) {
endpoint := os.Getenv("ALICLOUD_OSS_ENDPOINT")
if endpoint == "" {
endpoint = conf["endpoint"]
if endpoint == "" {
return nil, fmt.Errorf("'endpoint' must be set")
}
}
bucket := os.Getenv("ALICLOUD_OSS_BUCKET")
if bucket == "" {
bucket = conf["bucket"]
if bucket == "" {
return nil, fmt.Errorf("'bucket' must be set")
}
}
accessKeyID := os.Getenv("ALICLOUD_ACCESS_KEY")
if accessKeyID == "" {
accessKeyID = conf["access_key"]
if accessKeyID == "" {
return nil, fmt.Errorf("'access_key' must be set")
}
}
accessKeySecret := os.Getenv("ALICLOUD_SECRET_KEY")
if accessKeySecret == "" {
accessKeySecret = conf["secret_key"]
if accessKeySecret == "" {
return nil, fmt.Errorf("'secret_key' must be set")
}
}
options := func(c *oss.Client) {
c.Config.Timeout = 30
}
client, err := oss.New(endpoint, accessKeyID, accessKeySecret, options)
if err != nil {
return nil, err
}
bucketObj, err := client.Bucket(bucket)
if err != nil {
return nil, err
}
_, err = bucketObj.ListObjects()
if err != nil {
return nil, errwrap.Wrapf(fmt.Sprintf("unable to access bucket %q at endpoint %q: {{err}}", bucket, endpoint), err)
}
maxParStr, ok := conf["max_parallel"]
var maxParInt int
if ok {
maxParInt, err = strconv.Atoi(maxParStr)
if err != nil {
return nil, errwrap.Wrapf("failed parsing max_parallel parameter: {{err}}", err)
}
if logger.IsDebug() {
logger.Debug("max_parallel set", "max_parallel", maxParInt)
}
}
a := &AliCloudOSSBackend{
client: client,
bucket: bucket,
logger: logger,
permitPool: physical.NewPermitPool(maxParInt),
}
return a, nil
}
// Put is used to insert or update an entry
func (a *AliCloudOSSBackend) Put(ctx context.Context, entry *physical.Entry) error {
defer metrics.MeasureSince([]string{"alibaba", "put"}, time.Now())
a.permitPool.Acquire()
defer a.permitPool.Release()
bucket, err := a.client.Bucket(a.bucket)
if err != nil {
return err
}
return bucket.PutObject(entry.Key, bytes.NewReader(entry.Value))
}
// Get is used to fetch an entry
func (a *AliCloudOSSBackend) Get(ctx context.Context, key string) (*physical.Entry, error) {
defer metrics.MeasureSince([]string{"alibaba", "get"}, time.Now())
a.permitPool.Acquire()
defer a.permitPool.Release()
bucket, err := a.client.Bucket(a.bucket)
if err != nil {
return nil, err
}
object, err := bucket.GetObject(key)
if err != nil {
switch err := err.(type) {
case oss.ServiceError:
if err.StatusCode == 404 && err.Code == "NoSuchKey" {
return nil, nil
}
}
return nil, err
}
data := bytes.NewBuffer(nil)
_, err = io.Copy(data, object)
if err != nil {
return nil, err
}
ent := &physical.Entry{
Key: key,
Value: data.Bytes(),
}
return ent, nil
}
// Delete is used to permanently delete an entry
func (a *AliCloudOSSBackend) Delete(ctx context.Context, key string) error {
defer metrics.MeasureSince([]string{"alibaba", "delete"}, time.Now())
a.permitPool.Acquire()
defer a.permitPool.Release()
bucket, err := a.client.Bucket(a.bucket)
if err != nil {
return err
}
return bucket.DeleteObject(key)
}
// List is used to list all the keys under a given
// prefix, up to the next prefix.
func (a *AliCloudOSSBackend) List(ctx context.Context, prefix string) ([]string, error) {
defer metrics.MeasureSince([]string{"alibaba", "list"}, time.Now())
a.permitPool.Acquire()
defer a.permitPool.Release()
keys := []string{}
bucket, err := a.client.Bucket(a.bucket)
if err != nil {
return nil, err
}
marker := oss.Marker("")
for {
result, err := bucket.ListObjects(oss.Prefix(prefix), oss.Delimiter("/"), marker)
if err != nil {
return nil, err
}
for _, commonPrefix := range result.CommonPrefixes {
commonPrefix := strings.TrimPrefix(commonPrefix, prefix)
keys = append(keys, commonPrefix)
}
for _, object := range result.Objects {
// Add objects only from the current 'folder'
key := strings.TrimPrefix(object.Key, prefix)
keys = append(keys, key)
}
if !result.IsTruncated {
break
}
marker = oss.Marker(result.NextMarker)
}
sort.Strings(keys)
return keys, nil
}