[feature/dao] cassandra authentication + client encryption #405

Merged
merged 3 commits into from
Aug 4, 2015
5 changes: 4 additions & 1 deletion Makefile
Expand Up @@ -51,7 +51,7 @@ lint:
@find kong spec -name '*.lua' ! -name 'invalid-module.lua' | xargs luacheck -q

test:
@busted spec/unit
@busted -v spec/unit

test-integration:
@busted spec/integration
Expand All @@ -67,3 +67,6 @@ coverage:
@busted --coverage spec/
@luacov -c spec/.luacov
@tail -n 1 luacov.report.out | awk '{ print $$3 }'

test-all:
@busted -v spec/
2 changes: 1 addition & 1 deletion kong-0.4.1-1.rockspec
Expand Up @@ -19,7 +19,7 @@ dependencies = {
"yaml ~> 1.1.1-1",
"lapis ~> 1.1.0-1",
"stringy ~> 0.4-1",
"kong-cassandra ~> 0.5-8",
"lua-cassandra ~> 0.3.5-0",
"multipart ~> 0.1-3",
"lua-path ~> 0.2.3-1",
"lua-cjson ~> 2.1.0-1",
1 change: 1 addition & 0 deletions kong.yml
Expand Up @@ -113,6 +113,7 @@ nginx: |
lua_shared_dict locks 100k;
lua_shared_dict cache {{memory_cache_size}}m;
lua_socket_log_errors off;
{{lua_ssl_trusted_certificate}}

init_by_lua '
kong = require "kong"
4 changes: 3 additions & 1 deletion kong/cli/utils/signal.lua
Expand Up @@ -102,6 +102,7 @@ local function prepare_nginx_working_dir(args_config)
end

local ssl_cert_path, ssl_key_path = cutils.get_ssl_cert_and_key(kong_config)
local trusted_ssl_cert_path = kong_config.databases_available[kong_config.database].properties.ssl_certificate -- DAO ssl cert

-- Extract nginx config from kong config, replace any needed value
local nginx_config = kong_config.nginx
Expand All @@ -112,7 +113,8 @@ local function prepare_nginx_working_dir(args_config)
dns_resolver = "127.0.0.1:"..kong_config.dnsmasq_port,
memory_cache_size = kong_config.memory_cache_size,
ssl_cert = ssl_cert_path,
ssl_key = ssl_key_path
ssl_key = ssl_key_path,
lua_ssl_trusted_certificate = trusted_ssl_cert_path ~= nil and "lua_ssl_trusted_certificate \""..trusted_ssl_cert_path.."\";" or ""
}

-- Auto-tune
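Review bot: The certificate path on the new `lua_ssl_trusted_certificate` line is concatenated into the nginx configuration between double quotes without validation, so a value containing `"`, `;` or a newline yields a malformed or unintended directive, and a missing file is only discovered when nginx fails to start. When the path is set, I would check it before templating, for example `assert(not trusted_ssl_cert_path:find('[";\n]'), "invalid ssl_certificate path")`, together with a readability check on the file. The lookup `kong_config.databases_available[kong_config.database].properties.ssl_certificate` also raises an index error when the selected database has no entry or no `properties` table, unless that is validated earlier in `prepare_nginx_working_dir`, whose body starts and ends outside these hunks.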
3 changes: 0 additions & 3 deletions kong/cli/utils/utils.lua
Expand Up @@ -55,9 +55,6 @@ end

function Logger:error_exit(str)
self:error(str)
-- Optional stacktrace
--print("")
--error("", 2)
os.exit(1)
end

4 changes: 2 additions & 2 deletions kong/dao/cassandra/apis.lua
Expand Up @@ -13,7 +13,7 @@ end
function Apis:find_all()
local apis = {}
local select_q = query_builder.select(self._table)
for _, rows, page, err in Apis.super.execute(self, select_q, nil, nil, {auto_paging=true}) do
for rows, err in Apis.super.execute(self, select_q, nil, nil, {auto_paging=true}) do
if err then
return nil, err
end
Expand All @@ -37,7 +37,7 @@ function Apis:delete(where_t)
local plugins_dao = self._factory.plugins_configurations
local select_q, columns = query_builder.select(plugins_dao._table, {api_id = where_t.id}, plugins_dao._column_family_details)

for _, rows, page, err in plugins_dao:execute(select_q, columns, {api_id = where_t.id}, {auto_paging = true}) do
for rows, err in plugins_dao:execute(select_q, columns, {api_id = where_t.id}, {auto_paging = true}) do
if err then
return nil, err
end
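Review bot: With `rows` now the first loop variable in `for rows, err in ...`, Lua's generic `for` ends the loop as soon as the iterator returns `nil` for `rows`, so the `if err then return nil, err end` check in the body is only reached when the iterator returns a non-nil `rows` alongside the error. Whether the new driver guarantees that is not visible on this page; if it does not, a failed page fetch would end `find_all` with a partial list and no error reported. Once confirmed against the driver, a comment such as `-- iterator yields a non-nil rows value on error, so err is still checked below` would document the dependency. The same loop shape is introduced in `Apis:delete`, `Consumers:delete` and `PluginsConfigurations:find_distinct`.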
12 changes: 7 additions & 5 deletions kong/dao/cassandra/base_dao.lua
Expand Up @@ -12,7 +12,7 @@ local Object = require "classic"
local utils = require "kong.tools.utils"
local uuid = require "uuid"

local cassandra_constants = require "cassandra.constants"
local cassandra_constants = cassandra.constants
local error_types = constants.DATABASE_ERROR_TYPES

local BaseDao = Object:extend()
Expand Down Expand Up @@ -62,16 +62,18 @@ function BaseDao:_open_session(keyspace)
local ok, err

-- Start cassandra session
local session = cassandra.new()
local session = cassandra:new()
session:set_timeout(self._properties.timeout)

ok, err = session:connect(self._properties.hosts, self._properties.port)
local options = self._factory:get_session_options()

ok, err = session:connect(self._properties.hosts, self._properties.port, options)
if not ok then
return nil, DaoError(err, error_types.DATABASE)
end

local times, err = session:get_reused_times()
if err and err ~= "luasocket does not support reusable sockets" then
if err and err.message ~= "luasocket does not support reusable sockets" then
return nil, DaoError(err, error_types.DATABASE)
end

Expand All @@ -92,7 +94,7 @@ end
function BaseDao:_close_session(session)
-- Back to the pool or close if using luasocket
local ok, err = session:set_keepalive(self._properties.keepalive)
if not ok and err == "luasocket does not support reusable sockets" then
if not ok and err.message == "luasocket does not support reusable sockets" then
ok, err = session:close()
end
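Review bot: In `_close_session`, `err.message` is read without checking `err`, so a `set_keepalive` call that returns a falsy `ok` with no error value raises an index error instead of being reported. If any driver path still returns a plain string, `err.message` evaluates to `nil`: the fallback to `session:close()` is then skipped here, and in `_open_session` the benign luasocket case is turned into a `DaoError`. A guard such as `type(err) == "table" and err.message == "luasocket does not support reusable sockets"` makes the assumption explicit. Matching on message text is also fragile across driver versions; comparing an error code or type would be sturdier if the driver exposes one (not visible on this page).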

2 changes: 1 addition & 1 deletion kong/dao/cassandra/consumers.lua
Expand Up @@ -22,7 +22,7 @@ function Consumers:delete(where_t)
local select_q, columns = query_builder.select(plugins_dao._table, {consumer_id = where_t.id}, plugins_dao._column_family_details)

-- delete all related plugins configurations
for _, rows, page, err in plugins_dao:execute(select_q, columns, {consumer_id = where_t.id}, {auto_paging = true}) do
for rows, err in plugins_dao:execute(select_q, columns, {consumer_id = where_t.id}, {auto_paging = true}) do
if err then
return nil, err
end
28 changes: 24 additions & 4 deletions kong/dao/cassandra/factory.lua
Expand Up @@ -67,6 +67,21 @@ function CassandraFactory:drop()
end
end

function CassandraFactory:get_session_options()
local options = {
ssl = self._properties.ssl,
ssl_verify = self._properties.ssl_verify,
ca_file = self._properties.ssl_certificate -- in case of using luasocket
}

if self._properties.user and self._properties.password then
local PasswordAuthenticator = require "cassandra.authenticators.PasswordAuthenticator"
options.authenticator = PasswordAuthenticator(self._properties.user, self._properties.password)
end

return options
end

-- Prepare all statements of collections `queries` property and put them
-- in a statements cache
--
Expand All @@ -88,9 +103,12 @@ function CassandraFactory:prepare()
end

-- Check cassandra is accessible
local session = cassandra.new()
local session = cassandra:new()
session:set_timeout(self._properties.timeout)
local ok, co_err = session:connect(self._properties.hosts, self._properties.port)

local options = self:get_session_options()

local ok, co_err = session:connect(self._properties.hosts, self._properties.port, options)
session:close()

if not ok then
Expand All @@ -114,10 +132,12 @@ end
-- @return {string} error if any
function CassandraFactory:execute_queries(queries, no_keyspace)
local ok, err
local session = cassandra.new()
local session = cassandra:new()
session:set_timeout(self._properties.timeout)

ok, err = session:connect(self._properties.hosts, self._properties.port)
local options = self:get_session_options()

ok, err = session:connect(self._properties.hosts, self._properties.port, options)
if not ok then
return DaoError(err, constants.DATABASE_ERROR_TYPES.DATABASE)
end
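Review bot: `get_session_options` attaches the authenticator only when both `user` and `password` are set and passes `ssl_verify` through unchanged, so two misconfigurations fail open: a `user` without a `password` (or the reverse) connects with no authenticator and no warning, and `ssl = true` with `ssl_verify` unset gives an encrypted session to an unverified peer unless the driver defaults verification on. With `ssl` off, the credentials handed to `PasswordAuthenticator` presumably cross the network without transport encryption. I would reject a half-set credential pair and, when `ssl` is enabled, verify by default unless explicitly disabled (for example `ssl_verify = self._properties.ssl_verify ~= false`), or at least log a warning in both cases. A short doc comment listing the properties read (`ssl`, `ssl_verify`, `ssl_certificate`, `user`, `password`) would match the documented methods elsewhere in this file.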
2 changes: 1 addition & 1 deletion kong/dao/cassandra/plugins_configurations.lua
Expand Up @@ -55,7 +55,7 @@ function PluginsConfigurations:find_distinct()

-- Execute query
local distinct_names = {}
for _, rows, page, err in PluginsConfigurations.super.execute(self, select_q, nil, nil, {auto_paging=true}) do
for rows, err in PluginsConfigurations.super.execute(self, select_q, nil, nil, {auto_paging=true}) do
if err then
return nil, err
end
2 changes: 1 addition & 1 deletion kong/plugins/ratelimiting/daos.lua
Expand Up @@ -26,7 +26,7 @@ end

function RateLimitingMetrics:increment(api_id, identifier, current_timestamp)
local periods = timestamp.get_timestamps(current_timestamp)
local batch = cassandra.BatchStatement(cassandra.batch_types.COUNTER)
local batch = cassandra:BatchStatement(cassandra.batch_types.COUNTER)

for period, period_date in pairs(periods) do
batch:add(self.queries.increment_counter, {
2 changes: 1 addition & 1 deletion spec/integration/dao/cassandra/base_dao_spec.lua
Expand Up @@ -45,7 +45,7 @@ describe("Cassandra", function()
spec_helper.prepare_db()

-- Create a parallel session to verify the dao's behaviour
session = cassandra.new()
session = cassandra:new()
session:set_timeout(configuration.cassandra.timeout)

local _, err = session:connect(configuration.cassandra.hosts, configuration.cassandra.port)
1 change: 1 addition & 0 deletions spec/unit/statics_spec.lua
Expand Up @@ -153,6 +153,7 @@ nginx: |
lua_shared_dict locks 100k;
lua_shared_dict cache {{memory_cache_size}}m;
lua_socket_log_errors off;
{{lua_ssl_trusted_certificate}}

init_by_lua '
kong = require "kong"