Vec 189 tls + auth (#2)

* VEC-189 add tls and auth
aerospike · Jul 3, 2024 · 5700529 · 5700529
1 parent 938957b
commit 5700529
Show file tree

Hide file tree

Showing 50 changed files with 1,451 additions and 408 deletions.
diff --git a/.github/workflows/create-prerelease.yml b/.github/workflows/create-prerelease.yml
@@ -11,6 +11,10 @@ on:
               description: 'Delete existing pre-releases?'
               required: false
               type: boolean
+
+    push:
+        branches:
+          - "VEC-189-tls" # remove before merge into main
 jobs:
     build-and-release:
         runs-on: macos-13

diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,6 @@
-/docker/config/features.conf
+features.conf
 /bin/*
 embed_*.go
-/tmp
+tmp
 /vendor
 /coverage
diff --git a/.golangci.yml b/.golangci.yml
@@ -23,7 +23,7 @@ linters-settings:
         allow:
           - $gostd
           - github.com/aerospike/tools-common-go
-          - github.com/aerospike/aerospike-proximus-client-go
+          - github.com/aerospike/avs-client-go
           - asvec/cmd
           - github.com/spf13/cobra
           - github.com/spf13/viper

diff --git a/cmd/constants.go b/cmd/constants.go
diff --git a/cmd/createIndex.go b/cmd/createIndex.go
diff --git a/cmd/dropIndex.go b/cmd/dropIndex.go
@@ -10,7 +10,6 @@ import (
 	"log/slog"
 	"time"
 
-	avs "github.com/aerospike/aerospike-proximus-client-go"
 	commonFlags "github.com/aerospike/tools-common-go/flags"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
@@ -19,34 +18,29 @@ import (
 
 //nolint:govet // Padding not a concern for a CLI
 var dropIndexFlags = &struct {
-	host         *flags.HostPortFlag
-	seeds        *flags.SeedsSliceFlag
-	listenerName flags.StringOptionalFlag
-	namespace    string
-	sets         []string
-	indexName    string
-	timeout      time.Duration
+	clientFlags flags.ClientFlags
+	namespace   string
+	sets        []string
+	indexName   string
+	timeout     time.Duration
 }{
-	host:  flags.NewDefaultHostPortFlag(),
-	seeds: &flags.SeedsSliceFlag{},
+	clientFlags: *flags.NewClientFlags(),
 }
 
 func newDropIndexFlagSet() *pflag.FlagSet {
 	flagSet := &pflag.FlagSet{}
-	flagSet.VarP(dropIndexFlags.host, flagNameHost, "h", commonFlags.DefaultWrapHelpString(fmt.Sprintf("The AVS host to connect to. If cluster discovery is needed use --%s", flagNameSeeds)))                                         //nolint:lll // For readability
-	flagSet.Var(dropIndexFlags.seeds, flagNameSeeds, commonFlags.DefaultWrapHelpString(fmt.Sprintf("The AVS seeds to use for cluster discovery. If no cluster discovery is needed (i.e. load-balancer) then use --%s", flagNameHost))) //nolint:lll // For readability
-	flagSet.VarP(&dropIndexFlags.listenerName, flagNameListenerName, "l", commonFlags.DefaultWrapHelpString("The listener to ask the AVS server for as configured in the AVS server. Likely required for cloud deployments."))         //nolint:lll // For readability
-	flagSet.StringVarP(&dropIndexFlags.namespace, flagNameNamespace, "n", "", commonFlags.DefaultWrapHelpString("The namespace for the index."))                                                                                       //nolint:lll // For readability
-	flagSet.StringArrayVarP(&dropIndexFlags.sets, flagNameSets, "s", nil, commonFlags.DefaultWrapHelpString("The sets for the index."))                                                                                                //nolint:lll // For readability
-	flagSet.StringVarP(&dropIndexFlags.indexName, flagNameIndexName, "i", "", commonFlags.DefaultWrapHelpString("The name of the index."))                                                                                             //nolint:lll // For readability
-	flagSet.DurationVar(&dropIndexFlags.timeout, flagNameTimeout, time.Second*5, commonFlags.DefaultWrapHelpString("The distance metric for the index."))                                                                              //nolint:lll // For readability
+	flagSet.StringVarP(&dropIndexFlags.namespace, flags.Namespace, "n", "", commonFlags.DefaultWrapHelpString("The namespace for the index."))          //nolint:lll // For readability
+	flagSet.StringSliceVarP(&dropIndexFlags.sets, flags.Sets, "s", nil, commonFlags.DefaultWrapHelpString("The sets for the index."))                   //nolint:lll // For readability
+	flagSet.StringVarP(&dropIndexFlags.indexName, flags.IndexName, "i", "", commonFlags.DefaultWrapHelpString("The name of the index."))                //nolint:lll // For readability
+	flagSet.DurationVar(&dropIndexFlags.timeout, flags.Timeout, time.Second*5, commonFlags.DefaultWrapHelpString("The distance metric for the index.")) //nolint:lll // For readability
+	flagSet.AddFlagSet(dropIndexFlags.clientFlags.NewClientFlagSet())
 
 	return flagSet
 }
 
 var dropIndexRequiredFlags = []string{
-	flagNameNamespace,
-	flagNameIndexName,
+	flags.Namespace,
+	flags.IndexName,
 }
 
 // dropIndexCmd represents the dropIndex command
@@ -62,38 +56,40 @@ func newDropIndexCommand() *cobra.Command {
 			asvec drop index -i myindex -n test
 			`,
 		PreRunE: func(_ *cobra.Command, _ []string) error {
-			if viper.IsSet(flagNameSeeds) && viper.IsSet(flagNameHost) {
-				return fmt.Errorf("only --%s or --%s allowed", flagNameSeeds, flagNameHost)
+			if viper.IsSet(flags.Seeds) && viper.IsSet(flags.Host) {
+				return fmt.Errorf("only --%s or --%s allowed", flags.Seeds, flags.Host)
 			}
 
 			return nil
 		},
 		RunE: func(_ *cobra.Command, _ []string) error {
 			logger.Debug("parsed flags",
-				slog.String(flagNameHost, dropIndexFlags.host.String()),
-				slog.String(flagNameSeeds, dropIndexFlags.seeds.String()),
-				slog.String(flagNameListenerName, dropIndexFlags.listenerName.String()),
-				slog.String(flagNameNamespace, dropIndexFlags.namespace),
-				slog.Any(flagNameSets, dropIndexFlags.sets),
-				slog.String(flagNameIndexName, dropIndexFlags.indexName),
-				slog.Duration(flagNameTimeout, dropIndexFlags.timeout),
+				append(dropIndexFlags.clientFlags.NewSLogAttr(),
+					slog.String(flags.Namespace, dropIndexFlags.namespace),
+					slog.Any(flags.Sets, dropIndexFlags.sets),
+					slog.String(flags.IndexName, dropIndexFlags.indexName),
+					slog.Duration(flags.Timeout, dropIndexFlags.timeout),
+				)...,
 			)
 
-			hosts, isLoadBalancer := parseBothHostSeedsFlag(dropIndexFlags.seeds, dropIndexFlags.host)
-
-			ctx, cancel := context.WithTimeout(context.Background(), dropIndexFlags.timeout)
-			defer cancel()
-
-			adminClient, err := avs.NewAdminClient(ctx, hosts, nil, isLoadBalancer, logger)
+			adminClient, err := createClientFromFlags(&dropIndexFlags.clientFlags, dropIndexFlags.timeout)
 			if err != nil {
-				logger.Error("failed to create AVS client", slog.Any("error", err))
 				return err
 			}
-
-			cancel()
 			defer adminClient.Close()
 
-			ctx, cancel = context.WithTimeout(context.Background(), dropIndexFlags.timeout)
+			if !confirm(fmt.Sprintf(
+				"Are you sure you want to drop the index %s on field %s?",
+				nsAndSetString(
+					createIndexFlags.namespace,
+					createIndexFlags.sets,
+				),
+				createIndexFlags.vectorField,
+			)) {
+				return nil
+			}
+
+			ctx, cancel := context.WithTimeout(context.Background(), dropIndexFlags.timeout)
 			defer cancel()
 
 			err = adminClient.IndexDrop(ctx, dropIndexFlags.namespace, dropIndexFlags.indexName)

diff --git a/cmd/flags/client.go b/cmd/flags/client.go
@@ -0,0 +1,52 @@
+package flags
+
+import (
+	"fmt"
+	"log/slog"
+
+	commonFlags "github.com/aerospike/tools-common-go/flags"
+	"github.com/spf13/pflag"
+)
+
+type ClientFlags struct {
+	Host         *HostPortFlag
+	Seeds        *SeedsSliceFlag
+	ListenerName StringOptionalFlag
+	User         StringOptionalFlag
+	Password     commonFlags.PasswordFlag
+	TLSFlags
+}
+
+func NewClientFlags() *ClientFlags {
+	return &ClientFlags{
+		Host:     NewDefaultHostPortFlag(),
+		Seeds:    &SeedsSliceFlag{},
+		TLSFlags: *NewTLSFlags(),
+	}
+}
+
+func (cf *ClientFlags) NewClientFlagSet() *pflag.FlagSet {
+	flagSet := &pflag.FlagSet{}
+	flagSet.VarP(cf.Host, Host, "h", commonFlags.DefaultWrapHelpString(fmt.Sprintf("The AVS host to connect to. If cluster discovery is needed use --%s", Seeds)))                                         //nolint:lll // For readability
+	flagSet.Var(cf.Seeds, Seeds, commonFlags.DefaultWrapHelpString(fmt.Sprintf("The AVS seeds to use for cluster discovery. If no cluster discovery is needed (i.e. load-balancer) then use --%s", Host))) //nolint:lll // For readability
+	flagSet.VarP(&cf.ListenerName, ListenerName, "l", commonFlags.DefaultWrapHelpString("The listener to ask the AVS server for as configured in the AVS server. Likely required for cloud deployments.")) //nolint:lll // For readability
+	flagSet.VarP(&cf.User, User, "U", commonFlags.DefaultWrapHelpString("The AVS user to authenticate with."))                                                                                             //nolint:lll // For readability
+	flagSet.VarP(&cf.Password, Password, "P", commonFlags.DefaultWrapHelpString("The AVS password for the specified user."))                                                                               //nolint:lll // For readability
+	flagSet.AddFlagSet(cf.NewTLSFlagSet(commonFlags.DefaultWrapHelpString))
+
+	return flagSet
+}
+
+func (cf *ClientFlags) NewSLogAttr() []any {
+	return []any{slog.String(Host, cf.Host.String()),
+		slog.String(Seeds, cf.Seeds.String()),
+		slog.String(ListenerName, cf.ListenerName.String()),
+		slog.String(User, cf.User.String()),
+		slog.String(Password, cf.Password.String()),
+		slog.Bool(TLSCaFile, cf.TLSRootCAFile != nil),
+		slog.Bool(TLSCaPath, cf.TLSRootCAPath != nil),
+		slog.Bool(TLSCertFile, cf.TLSCertFile != nil),
+		slog.Bool(TLSKeyFile, cf.TLSKeyFile != nil),
+		slog.Bool(TLSKeyFilePass, cf.TLSKeyFilePass != nil),
+	}
+}
diff --git a/cmd/flags/constants.go b/cmd/flags/constants.go
@@ -0,0 +1,33 @@
+package flags
+
+const (
+	LogLevel         = "log-level"
+	Seeds            = "seeds"
+	Host             = "host"
+	ListenerName     = "listener-name"
+	User             = "user"
+	Password         = "password"
+	Namespace        = "namespace"
+	Sets             = "sets"
+	IndexName        = "index-name"
+	VectorField      = "vector-field"
+	Dimension        = "dimension"
+	DistanceMetric   = "distance-metric"
+	IndexMeta        = "index-meta"
+	Timeout          = "timeout"
+	Verbose          = "verbose"
+	StorageNamespace = "storage-namespace"
+	StorageSet       = "storage-set"
+	MaxEdges         = "hnsw-max-edges"
+	ConstructionEf   = "hnsw-ef-construction"
+	Ef               = "hnsw-ef"
+	BatchMaxRecords  = "hnsw-batch-max-records"
+	BatchInterval    = "hnsw-batch-interval"
+	BatchEnabled     = "hnsw-batch-enabled"
+	TLSProtocols     = "tls-protocols"
+	TLSCaFile        = "tls-cafile"
+	TLSCaPath        = "tls-capath"
+	TLSCertFile      = "tls-certfile"
+	TLSKeyFile       = "tls-keyfile"
+	TLSKeyFilePass   = "tls-keyfile-password"
+)
diff --git a/cmd/flags/distanceMetric.go b/cmd/flags/distanceMetric.go
@@ -5,7 +5,7 @@ import (
 	"slices"
 	"strings"
 
-	"github.com/aerospike/aerospike-proximus-client-go/protos"
+	"github.com/aerospike/avs-client-go/protos"
 )
 
 type DistanceMetricFlag string

diff --git a/cmd/flags/hostPort.go b/cmd/flags/hostPort.go
@@ -6,7 +6,7 @@ import (
 	"strconv"
 	"strings"
 
-	avs "github.com/aerospike/aerospike-proximus-client-go"
+	avs "github.com/aerospike/avs-client-go"
 )
 
 const (

diff --git a/cmd/flags/hostPort_test.go b/cmd/flags/hostPort_test.go
@@ -5,7 +5,7 @@ package flags
 import (
 	"testing"
 
-	avs "github.com/aerospike/aerospike-proximus-client-go"
+	avs "github.com/aerospike/avs-client-go"
 
 	"github.com/stretchr/testify/suite"
 )

diff --git a/cmd/flags/tls.go b/cmd/flags/tls.go
@@ -0,0 +1,61 @@
+package flags
+
+import (
+	"crypto/tls"
+
+	commonClient "github.com/aerospike/tools-common-go/client"
+	commonFlags "github.com/aerospike/tools-common-go/flags"
+	"github.com/spf13/pflag"
+)
+
+type TLSFlags struct {
+	TLSProtocols   commonFlags.TLSProtocolsFlag
+	TLSRootCAFile  commonFlags.CertFlag
+	TLSRootCAPath  commonFlags.CertPathFlag
+	TLSCertFile    commonFlags.CertFlag
+	TLSKeyFile     commonFlags.CertFlag
+	TLSKeyFilePass commonFlags.PasswordFlag
+}
+
+func NewTLSFlags() *TLSFlags {
+	return &TLSFlags{
+		TLSProtocols: commonFlags.NewDefaultTLSProtocolsFlag(),
+	}
+}
+
+// NewTLSFlagSet returns a new pflag.FlagSet with TLS flags defined. Values
+// are stored in the TLSFlags struct.
+func (tf *TLSFlags) NewTLSFlagSet(fmtUsage commonFlags.UsageFormatter) *pflag.FlagSet {
+	f := &pflag.FlagSet{}
+
+	f.Var(&tf.TLSRootCAFile, "tls-cafile", fmtUsage("The CA used when connecting to AVS."))
+	f.Var(&tf.TLSRootCAPath, "tls-capath", fmtUsage("A path containing CAs for connecting to AVS."))
+	f.Var(&tf.TLSCertFile, "tls-certfile", fmtUsage("The certificate file for mutual TLS authentication with AVS."))
+	f.Var(&tf.TLSKeyFile, "tls-keyfile", fmtUsage("The key file used for mutual TLS authentication with AVS."))
+	f.Var(&tf.TLSKeyFilePass, "tls-keyfile-password", fmtUsage("The password used to decrypt the key-file if encrypted."))
+	f.Var(&tf.TLSProtocols, "tls-protocols", fmtUsage(
+		"Set the TLS protocol selection criteria. This format is the same as"+
+			" Apache's SSLProtocol documented at https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssl protocol.",
+	))
+
+	return f
+}
+
+func (tf *TLSFlags) NewTLSConfig() (*tls.Config, error) {
+	rootCA := [][]byte{}
+
+	if len(tf.TLSRootCAFile) != 0 {
+		rootCA = append(rootCA, tf.TLSRootCAFile)
+	}
+
+	rootCA = append(rootCA, tf.TLSRootCAPath...)
+
+	return commonClient.NewTLSConfig(
+		rootCA,
+		tf.TLSCertFile,
+		tf.TLSKeyFile,
+		tf.TLSKeyFilePass,
+		0,
+		0,
+	).NewGoTLSConfig()
+}