remove swift
This commit is contained in:
parent
42b08e8140
commit
eae51feabb
|
@ -52,7 +52,6 @@ import (
|
|||
physOCI "github.com/hashicorp/vault/physical/oci"
|
||||
physPostgreSQL "github.com/hashicorp/vault/physical/postgresql"
|
||||
physRaft "github.com/hashicorp/vault/physical/raft"
|
||||
physSwift "github.com/hashicorp/vault/physical/swift"
|
||||
physFile "github.com/hashicorp/vault/sdk/physical/file"
|
||||
physInmem "github.com/hashicorp/vault/sdk/physical/inmem"
|
||||
|
||||
|
@ -190,7 +189,6 @@ var (
|
|||
"mysql": physMySQL.NewMySQLBackend,
|
||||
"oci": physOCI.NewBackend,
|
||||
"postgresql": physPostgreSQL.NewPostgreSQLBackend,
|
||||
"swift": physSwift.NewSwiftBackend,
|
||||
"raft": physRaft.NewRaftBackend,
|
||||
}
|
||||
|
||||
|
|
1
go.mod
1
go.mod
|
@ -140,7 +140,6 @@ require (
|
|||
github.com/mitchellh/mapstructure v1.5.0
|
||||
github.com/mitchellh/reflectwalk v1.0.2
|
||||
github.com/natefinch/atomic v0.0.0-20150920032501-a62ce929ffcc
|
||||
github.com/ncw/swift v1.0.47
|
||||
github.com/oklog/run v1.1.0
|
||||
github.com/okta/okta-sdk-golang/v2 v2.12.1
|
||||
github.com/oracle/oci-go-sdk v24.3.0+incompatible
|
||||
|
|
1
go.sum
1
go.sum
|
@ -2426,7 +2426,6 @@ github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRW
|
|||
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
|
||||
github.com/natefinch/atomic v0.0.0-20150920032501-a62ce929ffcc h1:7xGrl4tTpBQu5Zjll08WupHyq+Sp0Z/adtyf1cfk3Q8=
|
||||
github.com/natefinch/atomic v0.0.0-20150920032501-a62ce929ffcc/go.mod h1:1rLVY/DWf3U6vSZgH16S7pymfrhK2lcUlXjgGglw/lY=
|
||||
github.com/ncw/swift v1.0.47 h1:4DQRPj35Y41WogBxyhOXlrI37nzGlyEcsforeudyYPQ=
|
||||
github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM=
|
||||
github.com/networkplumbing/go-nft v0.2.0/go.mod h1:HnnM+tYvlGAsMU7yoYwXEVLLiDW9gdMmb5HoGcwpuQs=
|
||||
github.com/nicolai86/scaleway-sdk v1.10.2-0.20180628010248-798f60e20bb2 h1:BQ1HW7hr4IVovMwWg0E0PYcyW8CzqDcVmaew9cujU4s=
|
||||
|
|
|
@ -1,249 +0,0 @@
|
|||
// Copyright (c) HashiCorp, Inc.
|
||||
// SPDX-License-Identifier: BUSL-1.1
|
||||
|
||||
package swift
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"os"
|
||||
"sort"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
log "github.com/hashicorp/go-hclog"
|
||||
|
||||
metrics "github.com/armon/go-metrics"
|
||||
cleanhttp "github.com/hashicorp/go-cleanhttp"
|
||||
"github.com/hashicorp/go-secure-stdlib/strutil"
|
||||
"github.com/hashicorp/vault/sdk/physical"
|
||||
"github.com/ncw/swift"
|
||||
)
|
||||
|
||||
// Verify SwiftBackend satisfies the correct interfaces
|
||||
var _ physical.Backend = (*SwiftBackend)(nil)
|
||||
|
||||
// SwiftBackend is a physical backend that stores data
|
||||
// within an OpenStack Swift container.
|
||||
type SwiftBackend struct {
|
||||
container string
|
||||
client *swift.Connection
|
||||
logger log.Logger
|
||||
permitPool *physical.PermitPool
|
||||
}
|
||||
|
||||
// NewSwiftBackend constructs a Swift backend using a pre-existing
|
||||
// container. Credentials can be provided to the backend, sourced
|
||||
// from the environment.
|
||||
func NewSwiftBackend(conf map[string]string, logger log.Logger) (physical.Backend, error) {
|
||||
var ok bool
|
||||
|
||||
username := os.Getenv("OS_USERNAME")
|
||||
if username == "" {
|
||||
username = conf["username"]
|
||||
if username == "" {
|
||||
return nil, fmt.Errorf("missing username")
|
||||
}
|
||||
}
|
||||
password := os.Getenv("OS_PASSWORD")
|
||||
if password == "" {
|
||||
password = conf["password"]
|
||||
if password == "" {
|
||||
return nil, fmt.Errorf("missing password")
|
||||
}
|
||||
}
|
||||
authUrl := os.Getenv("OS_AUTH_URL")
|
||||
if authUrl == "" {
|
||||
authUrl = conf["auth_url"]
|
||||
if authUrl == "" {
|
||||
return nil, fmt.Errorf("missing auth_url")
|
||||
}
|
||||
}
|
||||
container := os.Getenv("OS_CONTAINER")
|
||||
if container == "" {
|
||||
container = conf["container"]
|
||||
if container == "" {
|
||||
return nil, fmt.Errorf("missing container")
|
||||
}
|
||||
}
|
||||
project := os.Getenv("OS_PROJECT_NAME")
|
||||
if project == "" {
|
||||
if project, ok = conf["project"]; !ok {
|
||||
// Check for KeyStone naming prior to V3
|
||||
project = os.Getenv("OS_TENANT_NAME")
|
||||
if project == "" {
|
||||
project = conf["tenant"]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
domain := os.Getenv("OS_USER_DOMAIN_NAME")
|
||||
if domain == "" {
|
||||
domain = conf["domain"]
|
||||
}
|
||||
projectDomain := os.Getenv("OS_PROJECT_DOMAIN_NAME")
|
||||
if projectDomain == "" {
|
||||
projectDomain = conf["project-domain"]
|
||||
}
|
||||
|
||||
region := os.Getenv("OS_REGION_NAME")
|
||||
if region == "" {
|
||||
region = conf["region"]
|
||||
}
|
||||
tenantID := os.Getenv("OS_TENANT_ID")
|
||||
if tenantID == "" {
|
||||
tenantID = conf["tenant_id"]
|
||||
}
|
||||
trustID := os.Getenv("OS_TRUST_ID")
|
||||
if trustID == "" {
|
||||
trustID = conf["trust_id"]
|
||||
}
|
||||
storageUrl := os.Getenv("OS_STORAGE_URL")
|
||||
if storageUrl == "" {
|
||||
storageUrl = conf["storage_url"]
|
||||
}
|
||||
authToken := os.Getenv("OS_AUTH_TOKEN")
|
||||
if authToken == "" {
|
||||
authToken = conf["auth_token"]
|
||||
}
|
||||
|
||||
c := swift.Connection{
|
||||
Domain: domain,
|
||||
UserName: username,
|
||||
ApiKey: password,
|
||||
AuthUrl: authUrl,
|
||||
Tenant: project,
|
||||
TenantDomain: projectDomain,
|
||||
Region: region,
|
||||
TenantId: tenantID,
|
||||
TrustId: trustID,
|
||||
StorageUrl: storageUrl,
|
||||
AuthToken: authToken,
|
||||
Transport: cleanhttp.DefaultPooledTransport(),
|
||||
}
|
||||
|
||||
err := c.Authenticate()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
_, _, err = c.Container(container)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Unable to access container %q: %w", container, err)
|
||||
}
|
||||
|
||||
maxParStr, ok := conf["max_parallel"]
|
||||
var maxParInt int
|
||||
if ok {
|
||||
maxParInt, err = strconv.Atoi(maxParStr)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed parsing max_parallel parameter: %w", err)
|
||||
}
|
||||
if logger.IsDebug() {
|
||||
logger.Debug("max_parallel set", "max_parallel", maxParInt)
|
||||
}
|
||||
}
|
||||
|
||||
s := &SwiftBackend{
|
||||
client: &c,
|
||||
container: container,
|
||||
logger: logger,
|
||||
permitPool: physical.NewPermitPool(maxParInt),
|
||||
}
|
||||
return s, nil
|
||||
}
|
||||
|
||||
// Put is used to insert or update an entry
|
||||
func (s *SwiftBackend) Put(ctx context.Context, entry *physical.Entry) error {
|
||||
defer metrics.MeasureSince([]string{"swift", "put"}, time.Now())
|
||||
|
||||
s.permitPool.Acquire()
|
||||
defer s.permitPool.Release()
|
||||
|
||||
err := s.client.ObjectPutBytes(s.container, entry.Key, entry.Value, "")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Get is used to fetch an entry
|
||||
func (s *SwiftBackend) Get(ctx context.Context, key string) (*physical.Entry, error) {
|
||||
defer metrics.MeasureSince([]string{"swift", "get"}, time.Now())
|
||||
|
||||
s.permitPool.Acquire()
|
||||
defer s.permitPool.Release()
|
||||
|
||||
// Do a list of names with the key first since eventual consistency means
|
||||
// it might be deleted, but a node might return a read of bytes which fails
|
||||
// the physical test
|
||||
list, err := s.client.ObjectNames(s.container, &swift.ObjectsOpts{Prefix: key})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if 0 == len(list) {
|
||||
return nil, nil
|
||||
}
|
||||
data, err := s.client.ObjectGetBytes(s.container, key)
|
||||
if err == swift.ObjectNotFound {
|
||||
return nil, nil
|
||||
}
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
ent := &physical.Entry{
|
||||
Key: key,
|
||||
Value: data,
|
||||
}
|
||||
|
||||
return ent, nil
|
||||
}
|
||||
|
||||
// Delete is used to permanently delete an entry
|
||||
func (s *SwiftBackend) Delete(ctx context.Context, key string) error {
|
||||
defer metrics.MeasureSince([]string{"swift", "delete"}, time.Now())
|
||||
|
||||
s.permitPool.Acquire()
|
||||
defer s.permitPool.Release()
|
||||
|
||||
err := s.client.ObjectDelete(s.container, key)
|
||||
|
||||
if err != nil && err != swift.ObjectNotFound {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// List is used to list all the keys under a given
|
||||
// prefix, up to the next prefix.
|
||||
func (s *SwiftBackend) List(ctx context.Context, prefix string) ([]string, error) {
|
||||
defer metrics.MeasureSince([]string{"swift", "list"}, time.Now())
|
||||
|
||||
s.permitPool.Acquire()
|
||||
defer s.permitPool.Release()
|
||||
|
||||
list, err := s.client.ObjectNamesAll(s.container, &swift.ObjectsOpts{Prefix: prefix})
|
||||
if nil != err {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
keys := []string{}
|
||||
for _, key := range list {
|
||||
key := strings.TrimPrefix(key, prefix)
|
||||
|
||||
if i := strings.Index(key, "/"); i == -1 {
|
||||
// Add objects only from the current 'folder'
|
||||
keys = append(keys, key)
|
||||
} else if i != -1 {
|
||||
// Add truncated 'folder' paths
|
||||
keys = strutil.AppendIfMissing(keys, key[:i+1])
|
||||
}
|
||||
}
|
||||
|
||||
sort.Strings(keys)
|
||||
|
||||
return keys, nil
|
||||
}
|
|
@ -1,94 +0,0 @@
|
|||
// Copyright (c) HashiCorp, Inc.
|
||||
// SPDX-License-Identifier: BUSL-1.1
|
||||
|
||||
package swift
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
log "github.com/hashicorp/go-hclog"
|
||||
|
||||
cleanhttp "github.com/hashicorp/go-cleanhttp"
|
||||
"github.com/hashicorp/vault/sdk/helper/logging"
|
||||
"github.com/hashicorp/vault/sdk/physical"
|
||||
"github.com/ncw/swift"
|
||||
)
|
||||
|
||||
func TestSwiftBackend(t *testing.T) {
|
||||
if os.Getenv("OS_USERNAME") == "" || os.Getenv("OS_PASSWORD") == "" ||
|
||||
os.Getenv("OS_AUTH_URL") == "" {
|
||||
t.SkipNow()
|
||||
}
|
||||
username := os.Getenv("OS_USERNAME")
|
||||
password := os.Getenv("OS_PASSWORD")
|
||||
authUrl := os.Getenv("OS_AUTH_URL")
|
||||
project := os.Getenv("OS_PROJECT_NAME")
|
||||
domain := os.Getenv("OS_USER_DOMAIN_NAME")
|
||||
projectDomain := os.Getenv("OS_PROJECT_DOMAIN_NAME")
|
||||
region := os.Getenv("OS_REGION_NAME")
|
||||
tenantID := os.Getenv("OS_TENANT_ID")
|
||||
|
||||
ts := time.Now().UnixNano()
|
||||
container := fmt.Sprintf("vault-test-%d", ts)
|
||||
|
||||
cleaner := swift.Connection{
|
||||
Domain: domain,
|
||||
UserName: username,
|
||||
ApiKey: password,
|
||||
AuthUrl: authUrl,
|
||||
Tenant: project,
|
||||
TenantDomain: projectDomain,
|
||||
Region: region,
|
||||
TenantId: tenantID,
|
||||
Transport: cleanhttp.DefaultPooledTransport(),
|
||||
}
|
||||
|
||||
err := cleaner.Authenticate()
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
}
|
||||
|
||||
err = cleaner.ContainerCreate(container, nil)
|
||||
if nil != err {
|
||||
t.Fatalf("Unable to create test container %q: %v", container, err)
|
||||
}
|
||||
defer func() {
|
||||
newObjects, err := cleaner.ObjectNamesAll(container, nil)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
}
|
||||
for _, o := range newObjects {
|
||||
err := cleaner.ObjectDelete(container, o)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
}
|
||||
}
|
||||
err = cleaner.ContainerDelete(container)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
}
|
||||
}()
|
||||
|
||||
logger := logging.NewVaultLogger(log.Debug)
|
||||
|
||||
b, err := NewSwiftBackend(map[string]string{
|
||||
"username": username,
|
||||
"password": password,
|
||||
"container": container,
|
||||
"auth_url": authUrl,
|
||||
"project": project,
|
||||
"domain": domain,
|
||||
"project-domain": projectDomain,
|
||||
"tenant_id": tenantID,
|
||||
"region": region,
|
||||
}, logger)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
}
|
||||
|
||||
physical.ExerciseBackend(t, b)
|
||||
physical.ExerciseBackend_ListPrefix(t, b)
|
||||
}
|
Loading…
Reference in New Issue
Block a user