Conexión a bases de datos de Amazon Neptune mediante la autenticación de IAM con Go de Gremlin
Descripción general
En esta guía se muestra cómo conectarse a una base de datos de Amazon Neptune con la autenticación de IAM habilitada mediante el controlador de Go de Gremlin, con la autenticación de Signature Version 4 y el AWS SDK para GO v2.
Requisitos previos
-
Un clúster de Amazon Neptune con la autenticación de IAM habilitada.
-
Go 1.22 o posterior (consulte las versiones mínimas compatibles para Go de Gremlin
y AWS SDK para Go v2 ). -
Credenciales de AWS configuradas (mediante variables de entorno, archivo de credenciales compartidas o rol de IAM).
Creación de una conexión básica
Utilice el siguiente ejemplo de código como guía sobre para establecer una conexión básica con autenticación de IAM mediante el controlador de Go de Gremlin.
package main import ( "context" "fmt" "github.com/aws/aws-sdk-go-v2/config" "net/http" "strings" "time" gremlingo "github.com/apache/tinkerpop/gremlin-go/v3/driver" v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" ) const emptyStringSHA256 = `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` func main() { neptuneEndpoint := "you.cluster.endpoint.neptune.amazonaws.com" connString := "wss://" + neptuneEndpoint + ":8182/gremlin" service := "neptune-db" defaultRegion := "us-east-1" // Create request to sign req, err := http.NewRequest(http.MethodGet, connString, strings.NewReader("")) if err != nil { fmt.Println(err) return } // Loads the default config with default credentials provider // See https://github.com/aws/aws-sdk-go-v2 for additional docs on API usage cfg, err := config.LoadDefaultConfig(context.TODO()) if err != nil { fmt.Println(err) return } // Retrieve loaded credentials cr, err := cfg.Credentials.Retrieve(context.TODO()) if err != nil { fmt.Println(err) return } region := defaultRegion if cfg.Region != "" { // region set inside config profile, or via AWS_REGION or AWS_DEFAULT_REGION environment variable will be loaded region = cfg.Region } signer := v4.NewSigner() // Sign request err = signer.SignHTTP(context.TODO(), cr, req, emptyStringSHA256, service, "us-east-2", time.Now()) if err != nil { fmt.Println(err) return } // Pass the signed request header into gremlingo.HeaderAuthInfo() driverRemoteConnection, err := gremlingo.NewDriverRemoteConnection(connString, func(settings *gremlingo.DriverRemoteConnectionSettings) { settings.TraversalSource = "g" settings.AuthInfo = gremlingo.HeaderAuthInfo(req.Header) // settings.TlsConfig = &tls.Config{InsecureSkipVerify: true} // Use this only if you're on a Mac running Go 1.18+ doing local dev. See https://github.com/golang/go/issues/51991 }) if err != nil { fmt.Println(err) return } // Cleanup defer driverRemoteConnection.Close() // Creating graph traversal g := gremlingo.Traversal_().WithRemote(driverRemoteConnection) // Query execution count, err := g.V().Limit(5).Count().Next() if err != nil { fmt.Println(err) return } fmt.Println("Vertex count:", *count) }
Actualización dinámica de credenciales de Go de Gremlin
Go de Gremlin cuenta con DynamicAuth, que permite insertar un puntero de función para recuperar credenciales y generar el encabezado, lo que evita que este caduque en conexiones de larga duración.
package main import ( "context" "crypto/tls" "fmt" "github.com/aws/aws-sdk-go-v2/config" "net/http" "strings" "time" gremlingo "github.com/apache/tinkerpop/gremlin-go/v3/driver" v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" ) const emptyStringSHA256 = `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` func main() { neptuneEndpoint := "you.cluster.endpoint.neptune.amazonaws.com" connString := "wss://" + neptuneEndpoint + ":8182/gremlin" service := "neptune-db" defaultRegion := "us-east-1" //Create the request to sign req, err := http.NewRequest(http.MethodGet, connString, strings.NewReader("")) if err != nil { fmt.Println(err) return } // Loads the default config with default credentials provider // See https://github.com/aws/aws-sdk-go-v2 for additional docs on API usage cfg, err := config.LoadDefaultConfig(context.TODO()) if err != nil { fmt.Println(err) return } region := defaultRegion if cfg.Region != "" { // region set inside config profile, or via AWS_REGION or AWS_DEFAULT_REGION environment variable will be loaded region = cfg.Region } signer := v4.NewSigner() // This is the function that will be used for dynamic refreseh of credentials and signed headers gen := func() gremlingo.AuthInfoProvider { // Retrieve loaded credentials cr, err := cfg.Credentials.Retrieve(context.TODO()) fmt.Println("AWS Credentials: ", cr) if err != nil { fmt.Println(err) return } // Sign request err = signer.SignHTTP(context.TODO(), cr, req, emptyStringSHA256, service, region, time.Now()) if err != nil { fmt.Println(err) return } fmt.Println(req.Header) return gremlingo.HeaderAuthInfo(req.Header) } // Pass the function into gremlingo.NewDynamicAuth(), which will generate the AuthInfoProvider to pass into gremlingo.DriverRemoteConnectionSettings below auth := gremlingo.NewDynamicAuth(gen) driverRemoteConnection, err := gremlingo.NewDriverRemoteConnection(connString, func(settings *gremlingo.DriverRemoteConnectionSettings) { settings.TraversalSource = "g" settings.AuthInfo = auth // settings.TlsConfig = &tls.Config{InsecureSkipVerify: true} // Use this only if you're on a Mac running Go 1.18+ doing local dev. See https://github.com/golang/go/issues/51991 }) if err != nil { fmt.Println(err) return } // Cleanup defer driverRemoteConnection.Close() // Creating graph traversal g := gremlingo.Traversal_().WithRemote(driverRemoteConnection) // Query execution count, err := g.V().Limit(5).Count().Next() if err != nil { fmt.Println(err) return } fmt.Println("Vertex count:", *count) }
