aerospike 2.20.1 → 2.22.0

data/lib/aerospike/connection/authenticate.rb

@@ -21,9 +21,41 @@ module Aerospike
   module Connection # :nodoc:
     module Authenticate
       class << self
-        def call(conn, user, password)
-          command = AdminCommand.new
-          command.authenticate(conn, user, password)
+        def call(conn, user, hashed_pass)
+          command = LoginCommand.new
+          command.authenticate(conn, user, hashed_pass)
+          true
+        rescue ::Aerospike::Exceptions::Aerospike
+          conn.close if conn
+          raise ::Aerospike::Exceptions::InvalidCredentials
+        end
+      end
+    end
+    module AuthenticateNew
+      class << self
+        INVALID_SESSION_ERR = [ResultCode::INVALID_CREDENTIAL,
+          ResultCode::EXPIRED_SESSION]
+
+        def call(conn, cluster)
+          command = LoginCommand.new
+          if !cluster.session_valid?
+            command.authenticate_new(conn, cluster)
+          else
+            begin
+              command.authenticate_via_token(conn, cluster)
+            rescue => ae
+              # always reset session info on errors to be on the safe side
+              cluster.reset_session_info
+              if ae.is_a?(Exceptions::Aerospike)
+                if INVALID_SESSION_ERR.include?(ae.result_code)
+                  command.authenticate_new(conn, cluster)
+                  return true
+                end
+              end
+              raise ae
+            end
+          end
+
           true
         rescue ::Aerospike::Exceptions::Aerospike
           conn.close if conn
@@ -33,3 +65,4 @@ module Aerospike
     end
   end
 end
+

data/lib/aerospike/node_validator.rb

@@ -40,6 +40,7 @@ module Aerospike
 
     def get_hosts(address)
       aliases = [get_alias(address, host.port)]
+      res = []
 
       begin
         conn = Cluster::CreateConnection.(@cluster, Host.new(address, host.port, host.tls_name))
@@ -61,11 +62,15 @@ module Aerospike
         unless is_loopback?(address)
           aliases = info_map[address_command].split(',').map { |addr| get_alias(*addr.split(':')) }
         end
+
+        res = aliases.map { |al| Host.new(al[:address], al[:port], host.tls_name) }
+      rescue
+        # we don't care about the actual connection error; Just need to continue
       ensure
         conn.close if conn
       end
 
-      aliases.map { |al| Host.new(al[:address], al[:port], host.tls_name) }
+      res
     end
 
     def get_alias(address, port)

data/lib/aerospike/policy/auth_mode.rb

@@ -0,0 +1,36 @@
+# encoding: utf-8
+# Copyright 2014-2020 Aerospike, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module Aerospike
+
+  module AuthMode
+
+    # INTERNAL uses internal authentication only when user/password defined. Hashed password is stored
+    # on the server. Do not send clear password. This is the default.
+    INTERNAL = 0
+
+    # EXTERNAL uses external authentication (like LDAP) when user/password defined. Specific external authentication is
+    # configured on server. If TLS is defined, sends clear password on node login via TLS.
+    # Will raise exception if TLS is not defined.
+    EXTERNAL = 1
+
+    # PKI allows authentication and authorization based on a certificate. No user name or
+    # password needs to be configured. Requires TLS and a client certificate.
+    # Requires server version 5.7.0+
+    PKI = 2
+
+  end # module
+
+end # module

data/lib/aerospike/policy/client_policy.rb

@@ -22,7 +22,7 @@ module Aerospike
   # Container object for client policy command.
   class ClientPolicy
 
-    attr_accessor :user, :password
+    attr_accessor :user, :password, :auth_mode
     attr_accessor :timeout, :connection_queue_size, :fail_if_not_connected, :tend_interval
     attr_accessor :cluster_name
     attr_accessor :tls
@@ -44,6 +44,9 @@ module Aerospike
       # which the client checks for cluster state changes. Minimum interval is 10ms.
       self.tend_interval = opt[:tend_interval] || 1000 # 1 second
 
+      # Authentication mode
+      @auth_mode = opt[:auth_mode] || AuthMode::INTERNAL
+
       # user name
       @user = opt[:user]
 

data/lib/aerospike/privilege.rb

@@ -0,0 +1,133 @@
+# encoding: utf-8
+# Copyright 2014-2022 Aerospike, Inc.
+#
+# Portions may be licensed to Aerospike, Inc. under one or more contributor
+# license agreements.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+module Aerospike
+
+	# Determines user access granularity.
+	class Privilege
+
+		# Role
+		attr_accessor :code
+
+		# Namespace determines namespace scope. Apply permission to this namespace only.
+		# If namespace is zero value, the privilege applies to all namespaces.
+		attr_accessor :namespace
+
+		# Set name scope. Apply permission to this set within namespace only.
+		# If set is zero value, the privilege applies to all sets within namespace.
+		attr_accessor :set_name
+
+	    # Manage users and their roles.
+	    USER_ADMIN = 'user-admin'
+
+	    # Manage indicies, user-defined functions and server configuration.
+	    SYS_ADMIN = 'sys-admin'
+
+	    # Manage indicies and user defined functions.
+	    DATA_ADMIN = 'data-admin'
+
+	    # Manage user defined functions.
+	    UDF_ADMIN = 'udf-admin'
+
+	    # Manage indicies.
+	    SINDEX_ADMIN = 'sindex-admin'
+
+	    # Allow read, write and UDF transactions with the database.
+	    READ_WRITE_UDF = "read-write-udf"
+
+	    # Allow read and write transactions with the database.
+	    READ_WRITE = 'read-write'
+
+	    # Allow read transactions with the database.
+	    READ = 'read'
+
+	    # Write allows write transactions with the database.
+	    WRITE = 'write'
+
+	    # Truncate allow issuing truncate commands.
+	    TRUNCATE = 'truncate'
+
+	    def initialize(opt={})
+	      @code = opt[:code]
+	      @namespace = opt[:namespace]
+	      @set_name = opt[:set_name]
+	    end
+
+		def to_s
+			"code: #{@code}, namespace: #{@namespace}, set_name: #{@set_name}"
+		end
+
+		def to_code
+			case @code
+			when USER_ADMIN
+				0
+			when SYS_ADMIN
+				1
+			when DATA_ADMIN
+				2
+			when UDF_ADMIN
+				3
+			when SINDEX_ADMIN
+				4
+			when READ
+				10
+			when READ_WRITE
+				11
+			when READ_WRITE_UDF
+				12
+			when WRITE
+				13
+			when TRUNCATE
+				14
+			else
+				raise Exceptions::Aerospike.new(Aerospike::ResultCode::INVALID_PRIVILEGE, "Invalid role #{@code}")
+			end # case
+		end # def
+
+		def self.from(code)
+			case code
+			when 0
+				USER_ADMIN
+			when 1
+				SYS_ADMIN
+			when 2
+				DATA_ADMIN
+			when 3
+				UDF_ADMIN
+			when 4
+				SINDEX_ADMIN
+			when 10
+				READ
+			when 11
+				READ_WRITE
+			when 12
+				READ_WRITE_UDF
+			when 13
+				WRITE
+			when 14
+				TRUNCATE
+			else
+				raise Exceptions::Aerospike.new(Aerospike::ResultCode::INVALID_PRIVILEGE, "Invalid code #{code}")
+			end # case
+		end # def
+
+		def can_scope?
+			to_code >= 10
+		end
+
+	end # class
+
+end

data/lib/aerospike/result_code.rb

@@ -182,7 +182,7 @@ module Aerospike
     # Privilege is invalid.
     INVALID_PRIVILEGE = 72
 
-    # Specified IP whitelist is invalid.
+    # Specified IP allowlist is invalid.
     INVALID_WHITELIST = 73
 
     # User must be authentication before performing database operations.
@@ -191,7 +191,7 @@ module Aerospike
     # User does not posses the required role to perform the database operation.
     ROLE_VIOLATION = 81
 
-    # Client IP address is not on the IP whitelist.
+    # Client IP address is not on the IP allowlist.
     NOT_WHITELISTED = 82
 
     # LDAP feature not enabled on server.
@@ -422,7 +422,7 @@ module Aerospike
         "Invalid privilege"
 
       when INVALID_WHITELIST
-        "Specified IP whitelist is invalid"
+        "Specified IP allowlist is invalid"
 
       when NOT_AUTHENTICATED
         "Not authenticated"
@@ -431,7 +431,7 @@ module Aerospike
         "Role violation"
 
       when NOT_WHITELISTED
-        "Client IP address is not on the IP whitelist"
+        "Client IP address is not on the IP allowlist"
 
       when LDAP_NOT_ENABLED
         "LDAP feature not enabled on server"

data/lib/aerospike/role.rb

@@ -0,0 +1,55 @@
+# encoding: utf-8
+# Copyright 2014-2020 Aerospike, Inc.
+#
+# Portions may be licensed to Aerospike, Inc. under one or more contributor
+# license agreements.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+module Aerospike
+
+  # Role provides granular access to database entities for users.
+  class Role
+
+    # Role name
+    attr_accessor :name
+
+    # List of assigned privileges
+    attr_accessor :privileges
+
+    # List of allowable IP addresses
+    attr_accessor :allowlist
+
+    # Maximum reads per second limit for the role
+    attr_accessor :read_quota
+
+    # Maximum writes per second limit for the role
+    attr_accessor :write_quota
+
+    # The following aliases are for backward compatibility reasons
+    USER_ADMIN = Privilege::USER_ADMIN # :nodoc:
+    SYS_ADMIN = Privilege::SYS_ADMIN # :nodoc:
+    DATA_ADMIN = Privilege::DATA_ADMIN # :nodoc:
+    UDF_ADMIN = Privilege::UDF_ADMIN # :nodoc:
+    SINDEX_ADMIN = Privilege::SINDEX_ADMIN # :nodoc:
+    READ_WRITE_UDF = Privilege::READ_WRITE_UDF # :nodoc:
+    READ_WRITE = Privilege::READ_WRITE # :nodoc:
+    READ = Privilege::READ # :nodoc:
+    WRITE = Privilege::WRITE # :nodoc:
+    TRUNCATE = Privilege::TRUNCATE # :nodoc:
+
+    def to_s
+      "Role [name=#{@name}, privileges=#{@privileges}, allowlist=#{@allowlist}, readQuota=#{@read_quota}, writeQuota=#{@write_quota}]";
+    end
+ 
+  end # class
+
+end # module

data/lib/aerospike/user_role.rb

@@ -25,6 +25,31 @@ module Aerospike
 		# List of assigned roles.
 		attr_accessor :roles
 
+		# List of read statistics. List may be nil.
+		# Current statistics by offset are:
+		#
+		# 0: read quota in records per second
+		# 1: single record read transaction rate (TPS)
+		# 2: read scan/query record per second rate (RPS)
+		# 3: number of limitless read scans/queries
+		#
+		# Future server releases may add additional statistics.
+		attr_accessor :read_info
+
+		# List of write statistics. List may be nil.
+		# Current statistics by offset are:
+		#
+		# 0: write quota in records per second
+		# 1: single record write transaction rate (TPS)
+		# 2: write scan/query record per second rate (RPS)
+		# 3: number of limitless write scans/queries
+		#
+		# Future server releases may add additional statistics.
+		attr_accessor :write_info
+
+		# Number of currently open connections for the user
+		attr_accessor :conns_in_use
+
 	end
 
 end

data/lib/aerospike/utils/buffer.rb

@@ -67,6 +67,12 @@ module Aerospike
     end
 
     def resize(length)
+      # Corrupted data streams can result in a hug.length.
+      # Do a sanity check here.
+      if length > MAX_BUFFER_SIZE
+        raise Aerospike::Exceptions::Parse.new("Invalid size for buffer: #{length}")
+      end
+
       if @buf.bytesize < length
         @buf.concat("%0#{length - @buf.bytesize}d" % 0)
       end
@@ -136,16 +142,31 @@ module Aerospike
       vals.unpack(INT16)[0]
     end
 
+    def read_uint16(offset)
+      vals = @buf[offset..offset+1]
+      vals.unpack(UINT16)[0]
+    end
+
     def read_int32(offset)
       vals = @buf[offset..offset+3]
       vals.unpack(INT32)[0]
     end
 
+    def read_uint32(offset)
+      vals = @buf[offset..offset+3]
+      vals.unpack(UINT32)[0]
+    end
+
     def read_int64(offset)
       vals = @buf[offset..offset+7]
       vals.unpack(INT64)[0]
     end
 
+    def read_uint64(offset)
+      vals = @buf[offset..offset+7]
+      vals.unpack(UINT64)[0]
+    end
+
     def read_var_int64(offset, len)
       val = 0
       i = 0

data/lib/aerospike/version.rb

@@ -1,4 +1,4 @@
 # encoding: utf-8
 module Aerospike
-  VERSION = "2.20.1"
+  VERSION = "2.22.0"
 end

data/lib/aerospike.rb

@@ -62,6 +62,7 @@ require 'aerospike/command/touch_command'
 require 'aerospike/command/read_command'
 require 'aerospike/command/delete_command'
 require 'aerospike/command/admin_command'
+require 'aerospike/command/login_command'
 require 'aerospike/command/unsupported_particle_type_validator'
 require 'aerospike/key'
 require 'aerospike/operation'
@@ -101,6 +102,7 @@ require 'aerospike/policy/query_policy'
 require 'aerospike/policy/consistency_level'
 require 'aerospike/policy/commit_level'
 require 'aerospike/policy/admin_policy'
+require 'aerospike/policy/auth_mode'
 
 require 'aerospike/socket/base'
 require 'aerospike/socket/ssl'
@@ -141,6 +143,8 @@ require 'aerospike/udf'
 require 'aerospike/bin'
 require 'aerospike/aerospike_exception'
 require 'aerospike/user_role'
+require 'aerospike/privilege'
+require 'aerospike/role'
 
 require 'aerospike/task/index_task'
 require 'aerospike/task/execute_task'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aerospike
 version: !ruby/object:Gem::Version
-  version: 2.20.1
+  version: 2.22.0
 platform: ruby
 authors:
 - Khosrow Afroozeh
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-05-10 00:00:00.000000000 Z
+date: 2022-07-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: msgpack
@@ -97,11 +97,11 @@ files:
 - lib/aerospike/command/execute_command.rb
 - lib/aerospike/command/exists_command.rb
 - lib/aerospike/command/field_type.rb
+- lib/aerospike/command/login_command.rb
 - lib/aerospike/command/multi_command.rb
 - lib/aerospike/command/operate_command.rb
 - lib/aerospike/command/read_command.rb
 - lib/aerospike/command/read_header_command.rb
-- lib/aerospike/command/roles.rb
 - lib/aerospike/command/single_command.rb
 - lib/aerospike/command/touch_command.rb
 - lib/aerospike/command/unsupported_particle_type_validator.rb
@@ -138,6 +138,7 @@ files:
 - lib/aerospike/peers/fetch.rb
 - lib/aerospike/peers/parse.rb
 - lib/aerospike/policy/admin_policy.rb
+- lib/aerospike/policy/auth_mode.rb
 - lib/aerospike/policy/batch_policy.rb
 - lib/aerospike/policy/client_policy.rb
 - lib/aerospike/policy/commit_level.rb
@@ -152,6 +153,7 @@ files:
 - lib/aerospike/policy/replica.rb
 - lib/aerospike/policy/scan_policy.rb
 - lib/aerospike/policy/write_policy.rb
+- lib/aerospike/privilege.rb
 - lib/aerospike/query/filter.rb
 - lib/aerospike/query/pred_exp.rb
 - lib/aerospike/query/pred_exp/and_or.rb
@@ -168,6 +170,7 @@ files:
 - lib/aerospike/query/stream_command.rb
 - lib/aerospike/record.rb
 - lib/aerospike/result_code.rb
+- lib/aerospike/role.rb
 - lib/aerospike/socket/base.rb
 - lib/aerospike/socket/ssl.rb
 - lib/aerospike/socket/tcp.rb

data/lib/aerospike/command/roles.rb

@@ -1,39 +0,0 @@
-# encoding: utf-8
-# Copyright 2014-2020 Aerospike, Inc.
-#
-# Portions may be licensed to Aerospike, Inc. under one or more contributor
-# license agreements.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may not
-# use this file except in compliance with the License. You may obtain a copy of
-# the License at http:#www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations under
-# the License.
-
-module Aerospike
-
-  # Pre-defined user roles.
-  module Role
-
-    # Manage users and their roles.
-    USER_ADMIN = 'user-admin'
-
-    # Manage indicies, user-defined functions and server configuration.
-    SYS_ADMIN = 'sys-admin'
-
-    # Allow read, write and UDF transactions with the database.
-    READ_WRITE_UDF = "read-write-udf"
-
-    # Allow read and write transactions with the database.
-    READ_WRITE = 'read-write'
-
-    # Allow read transactions with the database.
-    READ = 'read'
-
-  end # module
-
-end # module