forked from vitessio/vitess
-
Notifications
You must be signed in to change notification settings - Fork 0
/
credentials.go
111 lines (92 loc) · 3.28 KB
/
credentials.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
// Copyright 2014, Google Inc. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package dbconfigs
// This file contains logic for a plugable credentials system.
// The default implementation is file based.
// The flags are global, but only programs that need to acess the database
// link with this library, so we should be safe.
import (
"errors"
"flag"
"sync"
log "github.com/golang/glog"
"github.com/youtube/vitess/go/jscfg"
)
var (
// generic flags
dbCredentialsServer = flag.String("db-credentials-server", "file", "db credentials server type (use 'file' for the file implementation)")
// 'file' implementation flags
dbCredentialsFile = flag.String("db-credentials-file", "", "db credentials file")
// error returned by credential server when the user doesn't exist
ErrUnknownUser = errors.New("unknown user")
)
// CredentialsServer is the interface for a credential server
type CredentialsServer interface {
// GetUserAndPassword returns the user / password to use for a given
// user. May return ErrUnknownUser. The user might be altered
// to support versioned users.
// Note this call needs to be thread safe, as we may call this from
// multiple go routines.
GetUserAndPassword(user string) (string, string, error)
// GetSubprocessFlags returns the flags to send to a subprocess
// to initialize the exact same CredentialsServer
GetSubprocessFlags() []string
}
// AllCredentialsServers contains all the known CredentialsServer
// implementations. Note we will only access this after flags have
// been parsed.
var AllCredentialsServers = make(map[string]CredentialsServer)
// GetCredentialsServer returns the current CredentialsServer. Only valid
// after flag.Init was called.
func GetCredentialsServer() CredentialsServer {
cs, ok := AllCredentialsServers[*dbCredentialsServer]
if !ok {
log.Fatalf("Invalid credential server: %v", *dbCredentialsServer)
}
return cs
}
// getCredentialsServerSubprocessFlags returns the flags to use for
// sub-processes
func getCredentialsServerSubprocessFlags() []string {
result := []string{
"-db-credentials-server", *dbCredentialsServer,
}
cs := GetCredentialsServer()
result = append(result, cs.GetSubprocessFlags()...)
return result
}
// FileCredentialsServer is a simple implementation of CredentialsServer using
// a json file. Protected by mu.
type FileCredentialsServer struct {
mu sync.Mutex
dbCredentials map[string][]string
}
func (fcs *FileCredentialsServer) GetUserAndPassword(user string) (string, string, error) {
fcs.mu.Lock()
defer fcs.mu.Unlock()
if *dbCredentialsFile == "" {
return "", "", ErrUnknownUser
}
// read the json file only once
if fcs.dbCredentials == nil {
fcs.dbCredentials = make(map[string][]string)
if err := jscfg.ReadJson(*dbCredentialsFile, &fcs.dbCredentials); err != nil {
log.Warningf("Failed to read dbCredentials file: %v", *dbCredentialsFile)
return "", "", err
}
}
if passwd, ok := fcs.dbCredentials[user]; !ok {
return "", "", ErrUnknownUser
} else {
return user, passwd[0], nil
}
}
func (fcs *FileCredentialsServer) GetSubprocessFlags() []string {
return []string{
"-db-credentials-file", *dbCredentialsFile,
}
}
func init() {
AllCredentialsServers["file"] = &FileCredentialsServer{}
}