aerospike 2.20.1 → 2.22.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -21,9 +21,41 @@ module Aerospike
21
21
  module Connection # :nodoc:
22
22
  module Authenticate
23
23
  class << self
24
- def call(conn, user, password)
25
- command = AdminCommand.new
26
- command.authenticate(conn, user, password)
24
+ def call(conn, user, hashed_pass)
25
+ command = LoginCommand.new
26
+ command.authenticate(conn, user, hashed_pass)
27
+ true
28
+ rescue ::Aerospike::Exceptions::Aerospike
29
+ conn.close if conn
30
+ raise ::Aerospike::Exceptions::InvalidCredentials
31
+ end
32
+ end
33
+ end
34
+ module AuthenticateNew
35
+ class << self
36
+ INVALID_SESSION_ERR = [ResultCode::INVALID_CREDENTIAL,
37
+ ResultCode::EXPIRED_SESSION]
38
+
39
+ def call(conn, cluster)
40
+ command = LoginCommand.new
41
+ if !cluster.session_valid?
42
+ command.authenticate_new(conn, cluster)
43
+ else
44
+ begin
45
+ command.authenticate_via_token(conn, cluster)
46
+ rescue => ae
47
+ # always reset session info on errors to be on the safe side
48
+ cluster.reset_session_info
49
+ if ae.is_a?(Exceptions::Aerospike)
50
+ if INVALID_SESSION_ERR.include?(ae.result_code)
51
+ command.authenticate_new(conn, cluster)
52
+ return true
53
+ end
54
+ end
55
+ raise ae
56
+ end
57
+ end
58
+
27
59
  true
28
60
  rescue ::Aerospike::Exceptions::Aerospike
29
61
  conn.close if conn
@@ -33,3 +65,4 @@ module Aerospike
33
65
  end
34
66
  end
35
67
  end
68
+
@@ -40,6 +40,7 @@ module Aerospike
40
40
 
41
41
  def get_hosts(address)
42
42
  aliases = [get_alias(address, host.port)]
43
+ res = []
43
44
 
44
45
  begin
45
46
  conn = Cluster::CreateConnection.(@cluster, Host.new(address, host.port, host.tls_name))
@@ -61,11 +62,15 @@ module Aerospike
61
62
  unless is_loopback?(address)
62
63
  aliases = info_map[address_command].split(',').map { |addr| get_alias(*addr.split(':')) }
63
64
  end
65
+
66
+ res = aliases.map { |al| Host.new(al[:address], al[:port], host.tls_name) }
67
+ rescue
68
+ # we don't care about the actual connection error; Just need to continue
64
69
  ensure
65
70
  conn.close if conn
66
71
  end
67
72
 
68
- aliases.map { |al| Host.new(al[:address], al[:port], host.tls_name) }
73
+ res
69
74
  end
70
75
 
71
76
  def get_alias(address, port)
@@ -0,0 +1,36 @@
1
+ # encoding: utf-8
2
+ # Copyright 2014-2020 Aerospike, Inc.
3
+ #
4
+ # Licensed under the Apache License, Version 2.0 (the "License");
5
+ # you may not use this file except in compliance with the License.
6
+ # You may obtain a copy of the License at
7
+ #
8
+ # http:#www.apache.org/licenses/LICENSE-2.0
9
+ #
10
+ # Unless required by applicable law or agreed to in writing, software
11
+ # distributed under the License is distributed on an "AS IS" BASIS,
12
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ # See the License for the specific language governing permissions and
14
+ # limitations under the License.
15
+
16
+ module Aerospike
17
+
18
+ module AuthMode
19
+
20
+ # INTERNAL uses internal authentication only when user/password defined. Hashed password is stored
21
+ # on the server. Do not send clear password. This is the default.
22
+ INTERNAL = 0
23
+
24
+ # EXTERNAL uses external authentication (like LDAP) when user/password defined. Specific external authentication is
25
+ # configured on server. If TLS is defined, sends clear password on node login via TLS.
26
+ # Will raise exception if TLS is not defined.
27
+ EXTERNAL = 1
28
+
29
+ # PKI allows authentication and authorization based on a certificate. No user name or
30
+ # password needs to be configured. Requires TLS and a client certificate.
31
+ # Requires server version 5.7.0+
32
+ PKI = 2
33
+
34
+ end # module
35
+
36
+ end # module
@@ -22,7 +22,7 @@ module Aerospike
22
22
  # Container object for client policy command.
23
23
  class ClientPolicy
24
24
 
25
- attr_accessor :user, :password
25
+ attr_accessor :user, :password, :auth_mode
26
26
  attr_accessor :timeout, :connection_queue_size, :fail_if_not_connected, :tend_interval
27
27
  attr_accessor :cluster_name
28
28
  attr_accessor :tls
@@ -44,6 +44,9 @@ module Aerospike
44
44
  # which the client checks for cluster state changes. Minimum interval is 10ms.
45
45
  self.tend_interval = opt[:tend_interval] || 1000 # 1 second
46
46
 
47
+ # Authentication mode
48
+ @auth_mode = opt[:auth_mode] || AuthMode::INTERNAL
49
+
47
50
  # user name
48
51
  @user = opt[:user]
49
52
 
@@ -0,0 +1,133 @@
1
+ # encoding: utf-8
2
+ # Copyright 2014-2022 Aerospike, Inc.
3
+ #
4
+ # Portions may be licensed to Aerospike, Inc. under one or more contributor
5
+ # license agreements.
6
+ #
7
+ # Licensed under the Apache License, Version 2.0 (the "License"); you may not
8
+ # use this file except in compliance with the License. You may obtain a copy of
9
+ # the License at http:#www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13
+ # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
14
+ # License for the specific language governing permissions and limitations under
15
+ # the License.
16
+
17
+ module Aerospike
18
+
19
+ # Determines user access granularity.
20
+ class Privilege
21
+
22
+ # Role
23
+ attr_accessor :code
24
+
25
+ # Namespace determines namespace scope. Apply permission to this namespace only.
26
+ # If namespace is zero value, the privilege applies to all namespaces.
27
+ attr_accessor :namespace
28
+
29
+ # Set name scope. Apply permission to this set within namespace only.
30
+ # If set is zero value, the privilege applies to all sets within namespace.
31
+ attr_accessor :set_name
32
+
33
+ # Manage users and their roles.
34
+ USER_ADMIN = 'user-admin'
35
+
36
+ # Manage indicies, user-defined functions and server configuration.
37
+ SYS_ADMIN = 'sys-admin'
38
+
39
+ # Manage indicies and user defined functions.
40
+ DATA_ADMIN = 'data-admin'
41
+
42
+ # Manage user defined functions.
43
+ UDF_ADMIN = 'udf-admin'
44
+
45
+ # Manage indicies.
46
+ SINDEX_ADMIN = 'sindex-admin'
47
+
48
+ # Allow read, write and UDF transactions with the database.
49
+ READ_WRITE_UDF = "read-write-udf"
50
+
51
+ # Allow read and write transactions with the database.
52
+ READ_WRITE = 'read-write'
53
+
54
+ # Allow read transactions with the database.
55
+ READ = 'read'
56
+
57
+ # Write allows write transactions with the database.
58
+ WRITE = 'write'
59
+
60
+ # Truncate allow issuing truncate commands.
61
+ TRUNCATE = 'truncate'
62
+
63
+ def initialize(opt={})
64
+ @code = opt[:code]
65
+ @namespace = opt[:namespace]
66
+ @set_name = opt[:set_name]
67
+ end
68
+
69
+ def to_s
70
+ "code: #{@code}, namespace: #{@namespace}, set_name: #{@set_name}"
71
+ end
72
+
73
+ def to_code
74
+ case @code
75
+ when USER_ADMIN
76
+ 0
77
+ when SYS_ADMIN
78
+ 1
79
+ when DATA_ADMIN
80
+ 2
81
+ when UDF_ADMIN
82
+ 3
83
+ when SINDEX_ADMIN
84
+ 4
85
+ when READ
86
+ 10
87
+ when READ_WRITE
88
+ 11
89
+ when READ_WRITE_UDF
90
+ 12
91
+ when WRITE
92
+ 13
93
+ when TRUNCATE
94
+ 14
95
+ else
96
+ raise Exceptions::Aerospike.new(Aerospike::ResultCode::INVALID_PRIVILEGE, "Invalid role #{@code}")
97
+ end # case
98
+ end # def
99
+
100
+ def self.from(code)
101
+ case code
102
+ when 0
103
+ USER_ADMIN
104
+ when 1
105
+ SYS_ADMIN
106
+ when 2
107
+ DATA_ADMIN
108
+ when 3
109
+ UDF_ADMIN
110
+ when 4
111
+ SINDEX_ADMIN
112
+ when 10
113
+ READ
114
+ when 11
115
+ READ_WRITE
116
+ when 12
117
+ READ_WRITE_UDF
118
+ when 13
119
+ WRITE
120
+ when 14
121
+ TRUNCATE
122
+ else
123
+ raise Exceptions::Aerospike.new(Aerospike::ResultCode::INVALID_PRIVILEGE, "Invalid code #{code}")
124
+ end # case
125
+ end # def
126
+
127
+ def can_scope?
128
+ to_code >= 10
129
+ end
130
+
131
+ end # class
132
+
133
+ end
@@ -182,7 +182,7 @@ module Aerospike
182
182
  # Privilege is invalid.
183
183
  INVALID_PRIVILEGE = 72
184
184
 
185
- # Specified IP whitelist is invalid.
185
+ # Specified IP allowlist is invalid.
186
186
  INVALID_WHITELIST = 73
187
187
 
188
188
  # User must be authentication before performing database operations.
@@ -191,7 +191,7 @@ module Aerospike
191
191
  # User does not posses the required role to perform the database operation.
192
192
  ROLE_VIOLATION = 81
193
193
 
194
- # Client IP address is not on the IP whitelist.
194
+ # Client IP address is not on the IP allowlist.
195
195
  NOT_WHITELISTED = 82
196
196
 
197
197
  # LDAP feature not enabled on server.
@@ -422,7 +422,7 @@ module Aerospike
422
422
  "Invalid privilege"
423
423
 
424
424
  when INVALID_WHITELIST
425
- "Specified IP whitelist is invalid"
425
+ "Specified IP allowlist is invalid"
426
426
 
427
427
  when NOT_AUTHENTICATED
428
428
  "Not authenticated"
@@ -431,7 +431,7 @@ module Aerospike
431
431
  "Role violation"
432
432
 
433
433
  when NOT_WHITELISTED
434
- "Client IP address is not on the IP whitelist"
434
+ "Client IP address is not on the IP allowlist"
435
435
 
436
436
  when LDAP_NOT_ENABLED
437
437
  "LDAP feature not enabled on server"
@@ -0,0 +1,55 @@
1
+ # encoding: utf-8
2
+ # Copyright 2014-2020 Aerospike, Inc.
3
+ #
4
+ # Portions may be licensed to Aerospike, Inc. under one or more contributor
5
+ # license agreements.
6
+ #
7
+ # Licensed under the Apache License, Version 2.0 (the "License"); you may not
8
+ # use this file except in compliance with the License. You may obtain a copy of
9
+ # the License at http:#www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13
+ # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
14
+ # License for the specific language governing permissions and limitations under
15
+ # the License.
16
+
17
+ module Aerospike
18
+
19
+ # Role provides granular access to database entities for users.
20
+ class Role
21
+
22
+ # Role name
23
+ attr_accessor :name
24
+
25
+ # List of assigned privileges
26
+ attr_accessor :privileges
27
+
28
+ # List of allowable IP addresses
29
+ attr_accessor :allowlist
30
+
31
+ # Maximum reads per second limit for the role
32
+ attr_accessor :read_quota
33
+
34
+ # Maximum writes per second limit for the role
35
+ attr_accessor :write_quota
36
+
37
+ # The following aliases are for backward compatibility reasons
38
+ USER_ADMIN = Privilege::USER_ADMIN # :nodoc:
39
+ SYS_ADMIN = Privilege::SYS_ADMIN # :nodoc:
40
+ DATA_ADMIN = Privilege::DATA_ADMIN # :nodoc:
41
+ UDF_ADMIN = Privilege::UDF_ADMIN # :nodoc:
42
+ SINDEX_ADMIN = Privilege::SINDEX_ADMIN # :nodoc:
43
+ READ_WRITE_UDF = Privilege::READ_WRITE_UDF # :nodoc:
44
+ READ_WRITE = Privilege::READ_WRITE # :nodoc:
45
+ READ = Privilege::READ # :nodoc:
46
+ WRITE = Privilege::WRITE # :nodoc:
47
+ TRUNCATE = Privilege::TRUNCATE # :nodoc:
48
+
49
+ def to_s
50
+ "Role [name=#{@name}, privileges=#{@privileges}, allowlist=#{@allowlist}, readQuota=#{@read_quota}, writeQuota=#{@write_quota}]";
51
+ end
52
+
53
+ end # class
54
+
55
+ end # module
@@ -25,6 +25,31 @@ module Aerospike
25
25
  # List of assigned roles.
26
26
  attr_accessor :roles
27
27
 
28
+ # List of read statistics. List may be nil.
29
+ # Current statistics by offset are:
30
+ #
31
+ # 0: read quota in records per second
32
+ # 1: single record read transaction rate (TPS)
33
+ # 2: read scan/query record per second rate (RPS)
34
+ # 3: number of limitless read scans/queries
35
+ #
36
+ # Future server releases may add additional statistics.
37
+ attr_accessor :read_info
38
+
39
+ # List of write statistics. List may be nil.
40
+ # Current statistics by offset are:
41
+ #
42
+ # 0: write quota in records per second
43
+ # 1: single record write transaction rate (TPS)
44
+ # 2: write scan/query record per second rate (RPS)
45
+ # 3: number of limitless write scans/queries
46
+ #
47
+ # Future server releases may add additional statistics.
48
+ attr_accessor :write_info
49
+
50
+ # Number of currently open connections for the user
51
+ attr_accessor :conns_in_use
52
+
28
53
  end
29
54
 
30
55
  end
@@ -67,6 +67,12 @@ module Aerospike
67
67
  end
68
68
 
69
69
  def resize(length)
70
+ # Corrupted data streams can result in a hug.length.
71
+ # Do a sanity check here.
72
+ if length > MAX_BUFFER_SIZE
73
+ raise Aerospike::Exceptions::Parse.new("Invalid size for buffer: #{length}")
74
+ end
75
+
70
76
  if @buf.bytesize < length
71
77
  @buf.concat("%0#{length - @buf.bytesize}d" % 0)
72
78
  end
@@ -136,16 +142,31 @@ module Aerospike
136
142
  vals.unpack(INT16)[0]
137
143
  end
138
144
 
145
+ def read_uint16(offset)
146
+ vals = @buf[offset..offset+1]
147
+ vals.unpack(UINT16)[0]
148
+ end
149
+
139
150
  def read_int32(offset)
140
151
  vals = @buf[offset..offset+3]
141
152
  vals.unpack(INT32)[0]
142
153
  end
143
154
 
155
+ def read_uint32(offset)
156
+ vals = @buf[offset..offset+3]
157
+ vals.unpack(UINT32)[0]
158
+ end
159
+
144
160
  def read_int64(offset)
145
161
  vals = @buf[offset..offset+7]
146
162
  vals.unpack(INT64)[0]
147
163
  end
148
164
 
165
+ def read_uint64(offset)
166
+ vals = @buf[offset..offset+7]
167
+ vals.unpack(UINT64)[0]
168
+ end
169
+
149
170
  def read_var_int64(offset, len)
150
171
  val = 0
151
172
  i = 0
@@ -1,4 +1,4 @@
1
1
  # encoding: utf-8
2
2
  module Aerospike
3
- VERSION = "2.20.1"
3
+ VERSION = "2.22.0"
4
4
  end
data/lib/aerospike.rb CHANGED
@@ -62,6 +62,7 @@ require 'aerospike/command/touch_command'
62
62
  require 'aerospike/command/read_command'
63
63
  require 'aerospike/command/delete_command'
64
64
  require 'aerospike/command/admin_command'
65
+ require 'aerospike/command/login_command'
65
66
  require 'aerospike/command/unsupported_particle_type_validator'
66
67
  require 'aerospike/key'
67
68
  require 'aerospike/operation'
@@ -101,6 +102,7 @@ require 'aerospike/policy/query_policy'
101
102
  require 'aerospike/policy/consistency_level'
102
103
  require 'aerospike/policy/commit_level'
103
104
  require 'aerospike/policy/admin_policy'
105
+ require 'aerospike/policy/auth_mode'
104
106
 
105
107
  require 'aerospike/socket/base'
106
108
  require 'aerospike/socket/ssl'
@@ -141,6 +143,8 @@ require 'aerospike/udf'
141
143
  require 'aerospike/bin'
142
144
  require 'aerospike/aerospike_exception'
143
145
  require 'aerospike/user_role'
146
+ require 'aerospike/privilege'
147
+ require 'aerospike/role'
144
148
 
145
149
  require 'aerospike/task/index_task'
146
150
  require 'aerospike/task/execute_task'
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aerospike
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.20.1
4
+ version: 2.22.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Khosrow Afroozeh
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2022-05-10 00:00:00.000000000 Z
12
+ date: 2022-07-14 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: msgpack
@@ -97,11 +97,11 @@ files:
97
97
  - lib/aerospike/command/execute_command.rb
98
98
  - lib/aerospike/command/exists_command.rb
99
99
  - lib/aerospike/command/field_type.rb
100
+ - lib/aerospike/command/login_command.rb
100
101
  - lib/aerospike/command/multi_command.rb
101
102
  - lib/aerospike/command/operate_command.rb
102
103
  - lib/aerospike/command/read_command.rb
103
104
  - lib/aerospike/command/read_header_command.rb
104
- - lib/aerospike/command/roles.rb
105
105
  - lib/aerospike/command/single_command.rb
106
106
  - lib/aerospike/command/touch_command.rb
107
107
  - lib/aerospike/command/unsupported_particle_type_validator.rb
@@ -138,6 +138,7 @@ files:
138
138
  - lib/aerospike/peers/fetch.rb
139
139
  - lib/aerospike/peers/parse.rb
140
140
  - lib/aerospike/policy/admin_policy.rb
141
+ - lib/aerospike/policy/auth_mode.rb
141
142
  - lib/aerospike/policy/batch_policy.rb
142
143
  - lib/aerospike/policy/client_policy.rb
143
144
  - lib/aerospike/policy/commit_level.rb
@@ -152,6 +153,7 @@ files:
152
153
  - lib/aerospike/policy/replica.rb
153
154
  - lib/aerospike/policy/scan_policy.rb
154
155
  - lib/aerospike/policy/write_policy.rb
156
+ - lib/aerospike/privilege.rb
155
157
  - lib/aerospike/query/filter.rb
156
158
  - lib/aerospike/query/pred_exp.rb
157
159
  - lib/aerospike/query/pred_exp/and_or.rb
@@ -168,6 +170,7 @@ files:
168
170
  - lib/aerospike/query/stream_command.rb
169
171
  - lib/aerospike/record.rb
170
172
  - lib/aerospike/result_code.rb
173
+ - lib/aerospike/role.rb
171
174
  - lib/aerospike/socket/base.rb
172
175
  - lib/aerospike/socket/ssl.rb
173
176
  - lib/aerospike/socket/tcp.rb
@@ -1,39 +0,0 @@
1
- # encoding: utf-8
2
- # Copyright 2014-2020 Aerospike, Inc.
3
- #
4
- # Portions may be licensed to Aerospike, Inc. under one or more contributor
5
- # license agreements.
6
- #
7
- # Licensed under the Apache License, Version 2.0 (the "License"); you may not
8
- # use this file except in compliance with the License. You may obtain a copy of
9
- # the License at http:#www.apache.org/licenses/LICENSE-2.0
10
- #
11
- # Unless required by applicable law or agreed to in writing, software
12
- # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13
- # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
14
- # License for the specific language governing permissions and limitations under
15
- # the License.
16
-
17
- module Aerospike
18
-
19
- # Pre-defined user roles.
20
- module Role
21
-
22
- # Manage users and their roles.
23
- USER_ADMIN = 'user-admin'
24
-
25
- # Manage indicies, user-defined functions and server configuration.
26
- SYS_ADMIN = 'sys-admin'
27
-
28
- # Allow read, write and UDF transactions with the database.
29
- READ_WRITE_UDF = "read-write-udf"
30
-
31
- # Allow read and write transactions with the database.
32
- READ_WRITE = 'read-write'
33
-
34
- # Allow read transactions with the database.
35
- READ = 'read'
36
-
37
- end # module
38
-
39
- end # module