Merge pull request #591 from jfontan/feature/add-new-auth-interface

Use new auth interface

Author: ajnavarro

Gopkg.lock

@@ -1,6 +1,6 @@
 [[constraint]]
   name = "gopkg.in/src-d/go-mysql-server.v0"
-  revision = "a9eddbfbf43f3b79fb6012fec948354222a9f2da"
+  revision = "33657588d2ed14ade95deed511444b3def865b2b"
 
 [[constraint]]
   name = "github.com/jessevdk/go-flags"

Gopkg.toml

@@ -1,6 +1,7 @@
 package command
 
 import (
+	"fmt"
 	"net"
 	"os"
 	"path/filepath"
@@ -18,6 +19,7 @@ import (
 	"github.com/uber/jaeger-client-go/config"
 	"gopkg.in/src-d/go-git.v4/plumbing/cache"
 	sqle "gopkg.in/src-d/go-mysql-server.v0"
+	"gopkg.in/src-d/go-mysql-server.v0/auth"
 	"gopkg.in/src-d/go-mysql-server.v0/server"
 	"gopkg.in/src-d/go-mysql-server.v0/sql"
 	"gopkg.in/src-d/go-mysql-server.v0/sql/analyzer"
@@ -36,8 +38,9 @@ const (
 
 // Server represents the `server` command of gitbase cli tool.
 type Server struct {
-	engine *sqle.Engine
-	pool   *gitbase.RepositoryPool
+	engine   *sqle.Engine
+	pool     *gitbase.RepositoryPool
+	userAuth auth.Auth
 
 	Name          string         `long:"db" default:"gitbase" description:"Database name"`
 	Version       string         // Version of the application.
@@ -47,13 +50,14 @@ type Server struct {
 	Port          int            `short:"p" long:"port" default:"3306" description:"Port where the server is going to listen"`
 	User          string         `short:"u" long:"user" default:"root" description:"User name used for connection"`
 	Password      string         `short:"P" long:"password" default:"" description:"Password used for connection"`
+	UserFile      string         `short:"U" long:"user-file" env:"GITBASE_USER_FILE" default:"" description:"JSON file with credentials list"`
 	ConnTimeout   int            `short:"t" long:"timeout" env:"GITBASE_CONNECTION_TIMEOUT" description:"Timeout in seconds used for connections"`
 	IndexDir      string         `short:"i" long:"index" default:"/var/lib/gitbase/index" description:"Directory where the gitbase indexes information will be persisted." env:"GITBASE_INDEX_DIR"`
 	CacheSize     cache.FileSize `long:"cache" default:"512" description:"Object cache size in megabytes" env:"GITBASE_CACHESIZE_MB"`
 	Parallelism   uint           `long:"parallelism" description:"Maximum number of parallel threads per table. By default, it's the number of CPU cores. 0 means default, 1 means disabled."`
 	DisableSquash bool           `long:"no-squash" description:"Disables the table squashing."`
 	TraceEnabled  bool           `long:"trace" env:"GITBASE_TRACE" description:"Enables jaeger tracing"`
-	ReadOnly      bool           `short:"r" long:"readonly" description:"Only allow read queries. This disables creating and deleting indexes as well." env:"GITBASE_READONLY"`
+	ReadOnly      bool           `short:"r" long:"readonly" description:"Only allow read queries. This disables creating and deleting indexes as well. Cannot be used with --user-file." env:"GITBASE_READONLY"`
 	SkipGitErrors bool           // SkipGitErrors disables failing when Git errors are found.
 	DisableGit    bool           `long:"no-git" description:"disable the load of git standard repositories."`
 	DisableSiva   bool           `long:"no-siva" description:"disable the load of siva files."`
@@ -69,16 +73,13 @@ func (l *jaegerLogrus) Error(s string) {
 }
 
 func NewDatabaseEngine(
-	readonly bool,
+	userAuth auth.Auth,
 	version string,
 	parallelism int,
 	squash bool,
 ) *sqle.Engine {
 	catalog := sql.NewCatalog()
-	ab := analyzer.NewBuilder(catalog)
-	if readonly {
-		ab = ab.ReadOnly()
-	}
+	ab := analyzer.NewBuilder(catalog).WithAuth(userAuth)
 
 	if parallelism == 0 {
 		parallelism = runtime.NumCPU()
@@ -107,6 +108,24 @@ func (c *Server) Execute(args []string) error {
 		logrus.SetLevel(logrus.DebugLevel)
 	}
 
+	var err error
+	if c.UserFile != "" {
+		if c.ReadOnly {
+			return fmt.Errorf("cannot use both --user-file and --readonly")
+		}
+
+		c.userAuth, err = auth.NewNativeFile(c.UserFile)
+		if err != nil {
+			return err
+		}
+	} else {
+		permissions := auth.AllPermissions
+		if c.ReadOnly {
+			permissions = auth.ReadPerm
+		}
+		c.userAuth = auth.NewNativeSingle(c.User, c.Password, permissions)
+	}
+
 	if err := c.buildDatabase(); err != nil {
 		logrus.WithField("error", err).Fatal("unable to initialize database engine")
 		return err
@@ -153,7 +172,7 @@ func (c *Server) Execute(args []string) error {
 		server.Config{
 			Protocol:         "tcp",
 			Address:          hostString,
-			Auth:             auth,
+			Auth:             c.userAuth,
 			Tracer:           tracer,
 			ConnReadTimeout:  timeout,
 			ConnWriteTimeout: timeout,
@@ -174,7 +193,7 @@ func (c *Server) Execute(args []string) error {
 func (c *Server) buildDatabase() error {
 	if c.engine == nil {
 		c.engine = NewDatabaseEngine(
-			c.ReadOnly,
+			c.userAuth,
 			c.Version,
 			int(c.Parallelism),
 			!c.DisableSquash,

cmd/gitbase/command/server.go

@@ -15,6 +15,7 @@
 | `GITBASE_UAST_CACHE_SIZE`    | size of the cache for the `uast` and `uast_mode` UDFs. The size is the maximum number of elements kept in the cache, 10000 by default |
 | `GITBASE_CACHESIZE_MB`       | size of the cache for git objects specified as MB                                  |
 | `GITBASE_CONNECTION_TIMEOUT` | timeout in seconds used for client connections on write and reads. No timeout by default.     |
+| `GITBASE_USER_FILE`          | JSON file with user credentials                                                    |
 
 ### Jaeger tracing variables
 
@@ -75,6 +76,7 @@ Help Options:
       -p, --port=        Port where the server is going to listen (default: 3306)
       -u, --user=        User name used for connection (default: root)
       -P, --password=    Password used for connection
+      -U, --user-file=   JSON file with credentials list [$GITBASE_USER_FILE]
       -t, --timeout=     Timeout in seconds used for connections [$GITBASE_CONNECTION_TIMEOUT]
       -i, --index=       Directory where the gitbase indexes information will be persisted. (default:
                          /var/lib/gitbase/index) [$GITBASE_INDEX_DIR]
@@ -83,10 +85,48 @@ Help Options:
                          means default, 1 means disabled.
           --no-squash    Disables the table squashing.
           --trace        Enables jaeger tracing [$GITBASE_TRACE]
-      -r, --readonly     Only allow read queries. This disables creating and deleting indexes as well.
-                         [$GITBASE_READONLY]
+      -r, --readonly     Only allow read queries. This disables creating and deleting indexes as well. Cannot be used
+                         with --user-file. [$GITBASE_READONLY]
           --no-git       disable the load of git standard repositories.
           --no-siva      disable the load of siva files.
       -v                 Activates the verbose mode
 
 ```
+## User credentials
+
+User credentials can be specified in the command line or using a user file. For single user this can be done with parameters `--user` and `--password`:
+
+```
+gitbase server --user root --password r00tp4ssword! -d /my/repositories/path
+```
+
+If you want to have more than one user or do not have the password in plain text you can use a user file with this format:
+
+```json
+[
+  {
+    "name": "root",
+    "password": "*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19",
+    "permissions": ["read", "write"]
+  },
+  {
+    "name": "user",
+    "password": "plain_passw0rd!"
+  }
+]
+```
+
+You can either specify a plain text password or hashed. Hashed version uses the same format as MySQL 5.x passwords. You can generate the native password with this command, remember to prefix the hash with `*`:
+
+```
+echo -n password | openssl sha1 -binary | openssl sha1 | tr '[:lower:]' '[:upper:]'
+```
+
+There are two permissions you can set to users, `read` and `write`. `read` only allows to execute queries. `write` is needed to create and delete indexes or lock tables. If no permissions are set for a user the default permission is `read`.
+
+Then you can specify which user file to use with parameter `--user-file`:
+
+```
+gitbase server --user-file /path/to/user-file.json -d /my/repositories/path
+```
+

docs/using-gitbase/configuration.md

@@ -95,4 +95,4 @@ Also, if you want to retrieve values from a non common property, you can pass it
 
 ## Standard functions
 
-You can check standard functions in [`go-mysql-server` documentation](https://github.com/src-d/go-mysql-server/tree/a9eddbfbf43f3b79fb6012fec948354222a9f2da#custom-functions).
+You can check standard functions in [`go-mysql-server` documentation](https://github.com/src-d/go-mysql-server/tree/33657588d2ed14ade95deed511444b3def865b2b#custom-functions).

docs/using-gitbase/functions.md

@@ -10,4 +10,4 @@ Note that you can create an index either **on one or more columns** or **on a si
 
 You can find some more examples in the [examples](./examples.md#create-an-index-for-columns-on-a-table) section.
 
-See [go-mysql-server](https://github.com/src-d/go-mysql-server/tree/a9eddbfbf43f3b79fb6012fec948354222a9f2da#indexes) documentation for more details
+See [go-mysql-server](https://github.com/src-d/go-mysql-server/tree/33657588d2ed14ade95deed511444b3def865b2b#indexes) documentation for more details

docs/using-gitbase/indexes.md

@@ -1,3 +1,3 @@
 ## Supported clients
 
-To see the supported MySQL clients and examples about how to use them, take a look [here](https://github.com/src-d/go-mysql-server/blob/a9eddbfbf43f3b79fb6012fec948354222a9f2da/SUPPORTED_CLIENTS.md).
+To see the supported MySQL clients and examples about how to use them, take a look [here](https://github.com/src-d/go-mysql-server/blob/33657588d2ed14ade95deed511444b3def865b2b/SUPPORTED_CLIENTS.md).

docs/using-gitbase/supported-clients.md

@@ -1,3 +1,3 @@
 ## Supported syntax
 
-To see the SQL subset currently supported take a look at [this list](https://github.com/src-d/go-mysql-server/blob/a9eddbfbf43f3b79fb6012fec948354222a9f2da/SUPPORTED.md) from [src-d/go-mysql-server](https://github.com/src-d/go-mysql-server).
+To see the SQL subset currently supported take a look at [this list](https://github.com/src-d/go-mysql-server/blob/33657588d2ed14ade95deed511444b3def865b2b/SUPPORTED.md) from [src-d/go-mysql-server](https://github.com/src-d/go-mysql-server).

docs/using-gitbase/supported-syntax.md

@@ -18,6 +18,7 @@ import (
 	fixtures "gopkg.in/src-d/go-git-fixtures.v3"
 	"gopkg.in/src-d/go-git.v4/plumbing/cache"
 	sqle "gopkg.in/src-d/go-mysql-server.v0"
+	"gopkg.in/src-d/go-mysql-server.v0/auth"
 	"gopkg.in/src-d/go-mysql-server.v0/sql"
 	"gopkg.in/src-d/go-mysql-server.v0/sql/analyzer"
 	"gopkg.in/src-d/go-mysql-server.v0/sql/expression"
@@ -872,7 +873,8 @@ func newSquashEngine() *sqle.Engine {
 
 func newBaseEngine() *sqle.Engine {
 	foo := gitbase.NewDatabase("foo")
-	engine := command.NewDatabaseEngine(false, "test", 0, false)
+	au := new(auth.None)
+	engine := command.NewDatabaseEngine(au, "test", 0, false)
 
 	engine.AddDatabase(foo)
 	engine.Catalog.RegisterFunctions(function.Functions)