Aerospike storage backend

command/commands.go

@@ -41,6 +41,7 @@ import (
 	logicalKv "github.com/hashicorp/vault-plugin-secrets-kv"
 	logicalDb "github.com/hashicorp/vault/builtin/logical/database"
 
+	physAerospike "github.com/hashicorp/vault/physical/aerospike"
 	physAliCloudOSS "github.com/hashicorp/vault/physical/alicloudoss"
 	physAzure "github.com/hashicorp/vault/physical/azure"
 	physCassandra "github.com/hashicorp/vault/physical/cassandra"
@@ -132,6 +133,7 @@ var (
 	}
 
 	physicalBackends = map[string]physical.Factory{
+		"aerospike":              physAerospike.NewAerospikeBackend,
 		"alicloudoss":            physAliCloudOSS.NewAliCloudOSSBackend,
 		"azure":                  physAzure.NewAzureBackend,
 		"cassandra":              physCassandra.NewCassandraBackend,

go.mod

@@ -17,6 +17,7 @@ require (
 	github.com/SAP/go-hdb v0.14.1
 	github.com/Sectorbob/mlab-ns2 v0.0.0-20171030222938-d3aa0c295a8a
 	github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d // indirect
+	github.com/aerospike/aerospike-client-go v3.1.0+incompatible
 	github.com/aliyun/alibaba-cloud-sdk-go v0.0.0-20190620160927-9418d7b0cd0f
 	github.com/aliyun/aliyun-oss-go-sdk v0.0.0-20190307165228-86c17b95fcd5
 	github.com/apple/foundationdb/bindings/go v0.0.0-20190411004307-cd5c9d91fad2
@@ -143,6 +144,7 @@ require (
 	github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c // indirect
 	github.com/xdg/stringprep v1.0.0 // indirect
 	github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
+	github.com/yuin/gopher-lua v0.0.0-20200816102855-ee81675732da // indirect
 	go.etcd.io/bbolt v1.3.5
 	go.etcd.io/etcd v0.5.0-alpha.5.0.20200425165423-262c93980547
 	go.mongodb.org/mongo-driver v1.2.1

go.sum

@@ -92,7 +92,6 @@ github.com/Jeffail/gabs v1.1.1/go.mod h1:6xMvQMK4k33lb7GUUpaAPh6nKMmemQeg5d4gn7/
 github.com/Masterminds/semver v1.4.2 h1:WBLTQ37jOCzSLtXNdoo8bNM8876KhNqOKvrlGITgsTc=
 github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
 github.com/Microsoft/go-winio v0.4.13/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
-github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
 github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5 h1:ygIc8M6trr62pF5DucadTWGdEB4mEyvzi0e2nbcmcyA=
 github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
 github.com/Microsoft/hcsshim v0.8.9 h1:VrfodqvztU8YSOvygU+DN1BGaSGxmrNfqOv5oOuX2Bk=
@@ -112,6 +111,8 @@ github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d h1:G0m3OIz70MZUW
 github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
 github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af h1:DBNMBMuMiWYu0b+8KMJuWmfCkcxl09JwdlqwDZZ6U14=
 github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af/go.mod h1:5Jv4cbFiHJMsVxt52+i0Ha45fjshj6wxYr1r19tB9bw=
+github.com/aerospike/aerospike-client-go v3.1.0+incompatible h1:ggcqXpZOCBlMptXPooX9MQfOa8aKIPhdCqLwAjR5M9U=
+github.com/aerospike/aerospike-client-go v3.1.0+incompatible/go.mod h1:zj8LBEnWBDOVEIJt8LvaRvDG5ARAoa5dBeHaB472NRc=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
@@ -536,10 +537,6 @@ github.com/hashicorp/vault-plugin-auth-kubernetes v0.7.1-0.20200921171209-a8c355
 github.com/hashicorp/vault-plugin-auth-kubernetes v0.7.1-0.20200921171209-a8c355e565cb/go.mod h1:2c/k3nsoGPKV+zpAWCiajt4e66vncEq8Li/eKLqErAc=
 github.com/hashicorp/vault-plugin-auth-oci v0.5.5 h1:nIP8g+VZd2V+LY/D5omWhLSnhHuogIJx7Bz6JyLt628=
 github.com/hashicorp/vault-plugin-auth-oci v0.5.5/go.mod h1:Cn5cjR279Y+snw8LTaiLTko3KGrbigRbsQPOd2D5xDw=
-github.com/hashicorp/vault-plugin-database-couchbase v0.1.0 h1:P/ji+KVmIXDyF3dM2PVb5wUpNMeEieFqJpj9derJlPg=
-github.com/hashicorp/vault-plugin-database-couchbase v0.1.0/go.mod h1:N4esW48+x1CClz6unRkGZGUBBR87iMMLbpHpnkQDiXg=
-github.com/hashicorp/vault-plugin-database-couchbase v0.1.1-0.20201006201549-a6eff27be5be h1:QypMebL8zdVtZJmJ0LmIdEcZAarLLNGfWoA4ATMRO5I=
-github.com/hashicorp/vault-plugin-database-couchbase v0.1.1-0.20201006201549-a6eff27be5be/go.mod h1:7bQzTBzTwG0x+E9+MjEVbqBSlN524VvebPOsKJTysXM=
 github.com/hashicorp/vault-plugin-database-couchbase v0.1.1-0.20201009184913-83c385bec4a2 h1:OtSJIcQjq7VFpIbbY2mT7oy1CAeIdeDB1sTitwikimI=
 github.com/hashicorp/vault-plugin-database-couchbase v0.1.1-0.20201009184913-83c385bec4a2/go.mod h1:UsqbPpxKodWyNmiEVkL1UkzTUkd33llDcQ34ElAEsuc=
 github.com/hashicorp/vault-plugin-database-elasticsearch v0.5.4 h1:YE4qndazWmYGpVOoZI7nDGG+gwTZKzL1Ou4WZQ+Tdxk=
@@ -919,6 +916,8 @@ github.com/yandex-cloud/go-genproto v0.0.0-20200722140432-762fe965ce77/go.mod h1
 github.com/yandex-cloud/go-sdk v0.0.0-20200722140627-2194e5077f13/go.mod h1:LEdAMqa1v/7KYe4b13ALLkonuDxLph57ibUb50ctvJk=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/gopher-lua v0.0.0-20200816102855-ee81675732da h1:NimzV1aGyq29m5ukMK0AMWEhFaL/lrEOaephfuoiARg=
+github.com/yuin/gopher-lua v0.0.0-20200816102855-ee81675732da/go.mod h1:E1AXubJBdNmFERAOucpDIxNzeGfLzg0mYh+UfMWdChA=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.4 h1:hi1bXHMVrlQh6WwxAy+qZCV/SYIlqo+Ushwdpa4tAKg=
 go.etcd.io/bbolt v1.3.4/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
@@ -1063,6 +1062,7 @@ golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181218192612-074acd46bca6/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190129075346-302c3dd5f1cc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190204203706-41f3e6584952/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=

physical/aerospike/aerospike.go

@@ -0,0 +1,155 @@
+package aerospike
+
+import (
+	"context"
+	"fmt"
+	"hash/fnv"
+	"strconv"
+	"strings"
+
+	aero "github.com/aerospike/aerospike-client-go"
+	log "github.com/hashicorp/go-hclog"
+	"github.com/hashicorp/vault/sdk/physical"
+)
+
+const (
+	keyBin   = "keyBin"
+	valueBin = "valueBin"
+)
+
+// AerospikeBackend is a physical backend that stores data in Aerospike.
+type AerospikeBackend struct {
+	client    *aero.Client
+	namespace string
+	set       string
+	logger    log.Logger
+}
+
+// Verify AerospikeBackend satisfies the correct interface.
+var _ physical.Backend = (*AerospikeBackend)(nil)
+
+// NewAerospikeBackend constructs an AerospikeBackend backend.
+func NewAerospikeBackend(conf map[string]string, logger log.Logger) (physical.Backend, error) {
+	namespace := conf["namespace"]
+	set := conf["set"]
+
+	policy := aero.NewClientPolicy()
+	policy.User = conf["username"]
+	policy.Password = conf["password"]
+
+	port, err := strconv.Atoi(conf["port"])
+	if err != nil {
+		return nil, err
+	}
+
+	client, err := aero.NewClientWithPolicy(policy, conf["hostname"], port)
+	if err != nil {
+		return nil, err
+	}
+
+	return &AerospikeBackend{
+		client:    client,
+		namespace: namespace,
+		set:       set,
+		logger:    logger,
+	}, nil
+}
+
+func (a *AerospikeBackend) key(userKey string) (*aero.Key, error) {
+	return aero.NewKey(a.namespace, a.set, hash(userKey))
+}
+
+// Put is used to insert or update an entry.
+func (a *AerospikeBackend) Put(ctx context.Context, entry *physical.Entry) error {
+	aeroKey, err := a.key(entry.Key)
+	if err != nil {
+		return err
+	}
+
+	writePolicy := aero.NewWritePolicy(0, 0)
+	writePolicy.RecordExistsAction = aero.REPLACE
+
+	binMap := make(aero.BinMap, 2)
+	binMap[keyBin] = entry.Key
+	binMap[valueBin] = entry.Value
+
+	return a.client.Put(writePolicy, aeroKey, binMap)
+}
+
+// Get is used to fetch an entry.
+func (a *AerospikeBackend) Get(ctx context.Context, key string) (*physical.Entry, error) {
+	aeroKey, err := a.key(key)
+	if err != nil {
+		return nil, err
+	}
+
+	record, err := a.client.Get(nil, aeroKey)
+	if err != nil {
+		if err.Error() == "Key not found" {
+			return nil, nil
+		}
+		return nil, err
+	}
+
+	return &physical.Entry{
+		Key:   key,
+		Value: record.Bins[valueBin].([]byte),
+	}, nil
+}
+
+// Delete is used to permanently delete an entry.
+func (a *AerospikeBackend) Delete(ctx context.Context, key string) error {
+	aeroKey, err := a.key(key)
+	if err != nil {
+		return err
+	}
+
+	_, err = a.client.Delete(nil, aeroKey)
+	return err
+}
+
+// List is used to list all the keys under a given
+// prefix, up to the next prefix.
+func (a *AerospikeBackend) List(ctx context.Context, prefix string) ([]string, error) {
+	recordSet, err := a.client.ScanAll(nil, a.namespace, a.set)
+	if err != nil {
+		return nil, err
+	}
+
+	var keyList []string
+	for res := range recordSet.Results() {
+		if res.Err != nil {
+			return nil, res.Err
+		}
+		recordKey := res.Record.Bins[keyBin].(string)
+		if strings.HasPrefix(recordKey, prefix) {
+			trimPrefix := strings.Replace(recordKey, prefix, "", 1)
+			keys := strings.Split(trimPrefix, "/")
+			if len(keys) == 1 {
+				keyList = append(keyList, keys[0])
+			} else {
+				withSlash := keys[0] + "/"
+				if !listContains(keyList, withSlash) {
+					keyList = append(keyList, withSlash)
+				}
+			}
+		}
+	}
+
+	return keyList, nil
+}
+
+func hash(s string) string {
+	h := fnv.New32a()
+	h.Write([]byte(s))
+	return fmt.Sprint(h.Sum32())
+}
+
+func listContains(list []string, s string) bool {
+	for _, i := range list {
+		if i == s {
+			return true
+		}
+	}
+	return false
+}

physical/aerospike/aerospike_test.go

@@ -0,0 +1,88 @@
+package aerospike
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	aero "github.com/aerospike/aerospike-client-go"
+	log "github.com/hashicorp/go-hclog"
+	"github.com/hashicorp/vault/helper/testhelpers/docker"
+	"github.com/hashicorp/vault/sdk/helper/logging"
+	"github.com/hashicorp/vault/sdk/physical"
+)
+
+func TestAerospikeBackend(t *testing.T) {
+	cleanup, config := prepareAerospikeContainer(t)
+	defer cleanup()
+
+	logger := logging.NewVaultLogger(log.Debug)
+
+	b, err := NewAerospikeBackend(map[string]string{
+		"hostname":  config.hostname,
+		"port":      config.port,
+		"namespace": config.namespace,
+		"set":       config.set,
+	}, logger)
+
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	physical.ExerciseBackend(t, b)
+	physical.ExerciseBackend_ListPrefix(t, b)
+}
+
+type aerospikeConfig struct {
+	hostname  string
+	port      string
+	namespace string
+	set       string
+}
+
+func prepareAerospikeContainer(t *testing.T) (func(), *aerospikeConfig) {
+	runner, err := docker.NewServiceRunner(docker.RunOptions{
+		ImageRepo:       "aerospike/aerospike-server",
+		ContainerName:   "aerospikedb",
+		ImageTag:        "latest",
+		Ports:           []string{"3000/tcp", "3001/tcp", "3002/tcp", "3003/tcp"},
+		DoNotAutoRemove: true,
+	})
+	if err != nil {
+		t.Fatalf("Could not start local Aerospike: %s", err)
+	}
+
+	svc, err := runner.StartService(context.Background(),
+		func(ctx context.Context, host string, port int) (docker.ServiceConfig, error) {
+			cfg := docker.NewServiceHostPort(host, port)
+
+			time.Sleep(time.Second)
+			client, err := aero.NewClient(host, port)
+			if err != nil {
+				return nil, err
+			}
+
+			node, err := client.Cluster().GetRandomNode()
+			if err != nil {
+				return nil, err
+			}
+
+			_, err = node.RequestInfo(aero.NewInfoPolicy(), "namespaces")
+			if err != nil {
+				return nil, err
+			}
+
+			return cfg, nil
+		},
+	)
+	if err != nil {
+		t.Fatalf("Could not start local Aerospike: %s", err)
+	}
+
+	return svc.Cleanup, &aerospikeConfig{
+		hostname:  svc.Config.URL().Hostname(),
+		port:      svc.Config.URL().Port(),
+		namespace: "test",
+		set:       "vault",
+	}
+}