From 5ed209284560ff97f087ac04878398f329753a75 Mon Sep 17 00:00:00 2001 From: dwelch-spike <53876192+dwelch-spike@users.noreply.github.com> Date: Thu, 25 Jan 2024 14:44:06 -0800 Subject: [PATCH] fix: Tools-2826 don't check for read-write privlege, allows ldap users to connect correctly. (#45) * build: update aerospike java client to version 7.2.1 * fix: don't check for read-write role, let the server handle role violations. this fixes an issue where LDAP auth would fail the role check * build: bump asloader version to 4.0.2 * docs: remove options from readme, link to website instead * docs: show the --usage command in readme * build: bump version to 4.0.2 --- README.md | 33 ++++------------- doc/releasenotes.md | 12 ++++++- pom.xml | 4 +-- .../com/aerospike/load/AerospikeLoad.java | 35 +------------------ 4 files changed, 20 insertions(+), 64 deletions(-) diff --git a/README.md b/README.md index 8876d42..89f0fbd 100644 --- a/README.md +++ b/README.md 
@@ -56,33 +56,12 @@ If you downloaded the source. Use **run_loader** script along with options and d "data file name(s)/directory" can either be space delimited files or a directory name containing data files. See "Data Files" section for more details. -__Options__: - -``` java --h,--hosts List of seed hosts (default: localhost) --p,--port Server port (default: 3000) --U,--user User name --P,--password Password --n,--namespace Namespace (default: test) --c,--config Column definition file in JSON format --g,--max-throughput Set a target max transactions per second for the loader (default: 0 (don`t limit TPS)). --T,--transaction-timeout Transaction timeout in milliseconds for write (default: no timeout) --e,--expiration-time Time to expire of a record in seconds (default: never expire) --tz,--timezone TimeZone of source where datadump is taken (default: local timeZone) --ec,--abort-Error-Count Abort when error occurs more than this value (default: 0 (don`t abort)) --wa,--write-Action Write action if key already exists (default: update) --tls,--tls-enable Use TLS/SSL sockets(default: False) --tp,--tls-protocols Allow TLS protocols. Values: TLSv1,TLSv1.1,TLSv1.2 separated by comma (default: TLSv1.2) --tlsCiphers,--tls-cipher-suite Allow TLS cipher suites. Values: cipher names defined by JVM separated by comma (default: null (default cipher list provided by JVM)) --tr,--tls-revoke Revoke certificates identified by their serial number. Values: serial numbers separated by comma (default: null (Do not revoke certificates)) --uk,--send-user-key Send user defined key in addition to hash digest to store on the server. (default: userKey is not sent to reduce meta-data overhead) --um,--unorderedMaps If this flag is present write all maps as unordered maps. --u,--usage Print usage. --v,--verbose Verbose mode for debug logging (default: INFO) --V,--version Print version -``` +For available options and their descriptions run with asloader's --usage option. 
+ + $ java -cp aerospike-load-*-jar-with-dependencies.jar com.aerospike.load.AerospikeLoad --usage + $ ./run_loader --usage -For more details, refer to [Options](doc/options.md). +For more details, refer to [Options](https://aerospike.com/docs/tools/asloader/options). ### Some extra info about internal working: @@ -90,7 +69,7 @@ For more details, refer to [Options](doc/options.md). * reader threads (reads CSV files) (The number of reader threads = either number of CPUs or number of files in the directory, whichever one is lower.) * writer threads (writes to the cluster) (The number of writer threads = number of CPUs * 5 (5 is scaleFactor)) -### Sample usage of all options: +### Sample usage of common options: $ ./run_loader -h nodex -p 3000 -n test -T 3000 -e 2592000 -ec 100 -tz PST -wa update -c ~/pathto/config.json datafiles/ diff --git a/doc/releasenotes.md b/doc/releasenotes.md index 284be9d..2be7233 100644 --- a/doc/releasenotes.md +++ b/doc/releasenotes.md @@ -91,4 +91,14 @@ ## Aerospike Loader [4.0.1] Release Date [7 Aug 2023] ## Security: * [Snyk] Security upgrade com.aerospike:aerospike-client from 6.1.7 to 7.0.0 by @arrowplum in https://github.com/aerospike/aerospike-loader/pull/40 - * TOOLS-2640 fix [CVE-2023](https://aerospike.atlassian.net/browse/TOOLS-2640) \ No newline at end of file + * TOOLS-2640 fix [CVE-2023](https://aerospike.atlassian.net/browse/TOOLS-2640) + +## Aerospike Loader [4.0.2] Release Date [15 Jan 2024] +## Security +* [Snyk] Upgrade org.apache.logging.log4j:log4j-api from 2.20.0 to 2.21.0 +* [Snyk] Upgrade org.apache.logging.log4j:log4j-core from 2.20.0 to 2.21.0 +* [Snyk] Upgrade commons-cli:commons-cli from 1.5.0 to 1.6.0 + +## Bug Fixes: +* TOOLS-2826 \(ASLOADER\) Fixed an issue where ldap users fail read-write role validation. +Asloader no longer checks if the Aerospike user has read-write permissions before beginning writes. \ No newline at end of file diff --git a/pom.xml b/pom.xml index 4ca5c50..6ece252 100644 --- a/pom.xml 
+++ b/pom.xml @@ -3,7 +3,7 @@ 4.0.0 com.aerospike aerospike-load - 4.0.1 + 4.0.2 Aerospike DSV Loader jar @@ -32,7 +32,7 @@ com.aerospike aerospike-client - 7.0.0 + 7.2.1 diff --git a/src/main/java/com/aerospike/load/AerospikeLoad.java b/src/main/java/com/aerospike/load/AerospikeLoad.java index f4f3c60..d160a91 100644 --- a/src/main/java/com/aerospike/load/AerospikeLoad.java +++ b/src/main/java/com/aerospike/load/AerospikeLoad.java 
@@ -60,30 +60,7 @@ * * It will import multiple Data Dump files concurrently * - * To run: java -jar aerospike-import- - * The options are: - * -h,--hosts List of seed hosts (default: localhost) - * -p,--port Server port (default: 3000) - * -U,--user User name - * -P,--password Password - * -n,--namespace Namespace (default: test) - * -c,--config Column definition file in JSON format - * -g,--max-throughput Set a target transactions per second for the loader. The loader should not exceed this average throughput. - * -T,--transaction-timeout Transaction timeout in milliseconds for write (default: no timeout) - * -e,--expiration-time Time to expire of a record in seconds(default: never expire) - * -tz,--timezone TimeZone of source where datadump is taken (default: local timeZone) - * -ec,--abort-Error-Count Abort when error occurs more than this value(default: 0(don't abort)) - * -wa,--write-Action Write action if key already exists (default: update) - * -tls,--tls-enable Use TLS/SSL sockets(default: False) - * -tp,--tls-protocols Allow TLS protocols. Values: TLSv1,TLSv1.1,TLSv1.2 separated by comma (default: TLSv1.2) - * -tlsCiphers,--tls-cipher-suite Allow TLS cipher suites. Values: cipher names defined by JVM separated by comma (default: null (default cipher list provided by JVM)) - * -tr,--tls-revoke Revoke certificates identified by their serial number. Values: serial numbers separated by comma (default: null (Do not revoke certificates)) - * -uk,--send-user-key Send user defined key in addition to hash digest to store on the server. (default: userKey is not sent to reduce meta-data overhead) - * -u,--usage Print usage. - * -v,--verbose Verbose mode for debug logging (default: INFO) - * -um,--unordered-map Write maps as unorderd (default: false) - * The file names can be a series of file names or directories. - * + * To run: java -jar aerospike-import- * * @author Aerospike * */ 
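Review bot: The one line kept in the class Javadoc, `* To run: java -jar aerospike-import-`, names a jar that does not match the rest of this patch: pom.xml's artifactId is `aerospike-load` and the README now invokes `aerospike-load-*-jar-with-dependencies.jar`. With the option table removed, the comment also no longer tells a reader where the options are listed. I would replace the line with `* To run: java -cp aerospike-load-*-jar-with-dependencies.jar com.aerospike.load.AerospikeLoad --usage`, matching the README. The line may have been truncated when this page was extracted, so check it against the file first. The Javadoc block starts above the hunk.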
@@ -273,16 +250,6 @@ private static AerospikeClient getAerospikeClient(CommandLine cl) { log.error("Client is not able to connect:" + params.hosts); return null; } - try { - // Check read-write role is given to user. - if (!client.queryUser(null, clientPolicy.user).roles.contains(Role.ReadWrite)) { - log.error("User role:" + client.queryUser(null, clientPolicy.user).roles.toString() + " Expected:" + Role.ReadWrite); - return null; - } - } - catch (AerospikeException e) { - // Ignore if security is not enabled. - } return client; }