fix: Tools-2826 don't check for read-write privlege, allows ldap users to connect correctly. (#45)

* build: update aerospike java client to version 7.2.1

* fix: don't check for read-write role, let the server handle role violations. this fixes an issue where LDAP auth would fail the role check

* build: bump asloader version to 4.0.2

* docs: remove options from readme, link to website instead

* docs: show the --usage command in readme

* build: bump version to 4.0.2

Author: dwelch-spike

README.md

@@ -56,41 +56,20 @@ If you downloaded the source. Use **run_loader** script along with options and d
 
 "data file name(s)/directory" can either be space delimited files or a directory name containing data files. See "Data Files" section for more details.
 
-__Options__:
-
-``` java
--h,--hosts <arg>                List of seed hosts (default: localhost)
--p,--port <arg>                 Server port (default: 3000)
--U,--user <arg>                 User name
--P,--password <arg>             Password
--n,--namespace <arg>            Namespace (default: test)
--c,--config <arg>               Column definition file in JSON format
--g,--max-throughput <arg>       Set a target max transactions per second for the loader (default: 0 (don`t limit TPS)).
--T,--transaction-timeout <arg>  Transaction timeout in milliseconds for write (default: no timeout)
--e,--expiration-time <arg>      Time to expire of a record in seconds (default: never expire)
--tz,--timezone <arg>            TimeZone of source where datadump is taken (default: local timeZone)
--ec,--abort-Error-Count<arg>    Abort when error occurs more than this value (default: 0 (don`t abort))
--wa,--write-Action <arg>        Write action if key already exists (default: update)
--tls,--tls-enable               Use TLS/SSL sockets(default: False)
--tp,--tls-protocols             Allow TLS protocols. Values:  TLSv1,TLSv1.1,TLSv1.2 separated by comma (default: TLSv1.2)
--tlsCiphers,--tls-cipher-suite  Allow TLS cipher suites. Values:  cipher names defined by JVM separated by comma (default: null (default cipher list provided by JVM))
--tr,--tls-revoke                Revoke certificates identified by their serial number. Values:  serial numbers separated by comma (default: null (Do not revoke certificates))
--uk,--send-user-key             Send user defined key in addition to hash digest to store on the server. (default: userKey is not sent to reduce meta-data overhead)
--um,--unorderedMaps             If this flag is present write all maps as unordered maps.
--u,--usage                      Print usage.
--v,--verbose                    Verbose mode for debug logging (default: INFO)
--V,--version                    Print version
-```
+For available options and their descriptions run with asloader's --usage option.
+
+        $ java -cp aerospike-load-*-jar-with-dependencies.jar com.aerospike.load.AerospikeLoad --usage
+        $ ./run_loader --usage
 
-For more details, refer to [Options](doc/options.md).
+For more details, refer to [Options](https://aerospike.com/docs/tools/asloader/options).
 
 ### Some extra info about internal working:
 
 * There are 2 types of threads:
     * reader threads (reads CSV files) (The number of reader threads = either number of CPUs or number of files in the directory, whichever one is lower.)
     * writer threads (writes to the cluster) (The number of writer threads = number of CPUs * 5 (5 is scaleFactor))
 
-### Sample usage of all options:
+### Sample usage of common options:
 
         $ ./run_loader -h nodex -p 3000 -n test -T 3000 -e 2592000 -ec 100 -tz PST -wa update -c ~/pathto/config.json datafiles/
 

doc/releasenotes.md

@@ -91,4 +91,14 @@
 ## Aerospike Loader [4.0.1] Release Date [7 Aug 2023]
 ## Security:
 * [Snyk] Security upgrade com.aerospike:aerospike-client from 6.1.7 to 7.0.0 by @arrowplum in https://github.com/aerospike/aerospike-loader/pull/40
-  * TOOLS-2640 fix [CVE-2023](https://aerospike.atlassian.net/browse/TOOLS-2640)
+  * TOOLS-2640 fix [CVE-2023](https://aerospike.atlassian.net/browse/TOOLS-2640)
+
+## Aerospike Loader [4.0.2] Release Date [15 Jan 2024]
+## Security
+* [Snyk] Upgrade org.apache.logging.log4j:log4j-api from 2.20.0 to 2.21.0
+* [Snyk] Upgrade org.apache.logging.log4j:log4j-core from 2.20.0 to 2.21.0
+* [Snyk] Upgrade commons-cli:commons-cli from 1.5.0 to 1.6.0
+
+## Bug Fixes:
+* TOOLS-2826 \(ASLOADER\) Fixed an issue where ldap users fail read-write role validation.
+Asloader no longer checks if the Aerospike user has read-write permissions before beginning writes.

pom.xml

@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.aerospike</groupId>
 	<artifactId>aerospike-load</artifactId>
-	<version>4.0.1</version>
+	<version>4.0.2</version>
 	<name>Aerospike DSV Loader</name>
 	<packaging>jar</packaging>
 
@@ -32,7 +32,7 @@
 		<dependency>
 			<groupId>com.aerospike</groupId>
 			<artifactId>aerospike-client</artifactId>
-			<version>7.0.0</version>
+			<version>7.2.1</version>
 		</dependency>
 		<!-- Apache command line parser. -->
 		<dependency>

src/main/java/com/aerospike/load/AerospikeLoad.java

@@ -60,30 +60,7 @@
  * 
  * It will import multiple Data Dump files concurrently
  * 
- * To run: java -jar aerospike-import-<version> <options> <file names>
- * The options are:
- * -h,--hosts <arg>      			List of seed hosts (default: localhost)
- * -p,--port <arg>      			Server port (default: 3000)
- * -U,--user <arg>                  User name
- * -P,--password <arg>              Password
- * -n,--namespace <arg> 			Namespace (default: test)
- * -c,--config <arg>   				Column definition file in JSON format
- * -g,--max-throughput <arg>        Set a target transactions per second for the loader. The loader should not exceed this average throughput.
- * -T,--transaction-timeout <arg>	Transaction timeout in milliseconds for write (default: no timeout)
- * -e,--expiration-time <arg>		Time to expire of a record in seconds(default: never expire)
- * -tz,--timezone <arg>				TimeZone of source where datadump is taken (default: local timeZone)
- * -ec,--abort-Error-Count<arg>		Abort when error occurs more than this value(default: 0(don't abort))
- * -wa,--write-Action <arg>			Write action if key already exists (default: update)
- * -tls,--tls-enable                Use TLS/SSL sockets(default: False)
- * -tp,--tls-protocols              Allow TLS protocols. Values:  TLSv1,TLSv1.1,TLSv1.2 separated by comma (default: TLSv1.2)
- * -tlsCiphers,--tls-cipher-suite   Allow TLS cipher suites. Values:  cipher names defined by JVM separated by comma (default: null (default cipher list provided by JVM))
- * -tr,--tls-revoke                 Revoke certificates identified by their serial number. Values:  serial numbers separated by comma (default: null (Do not revoke certificates))
- * -uk,--send-user-key              Send user defined key in addition to hash digest to store on the server. (default: userKey is not sent to reduce meta-data overhead)
- * -u,--usage           			Print usage.
- * -v,--verbose						Verbose mode for debug logging (default: INFO)
- * -um,--unordered-map				Write maps as unorderd (default: false)
- * The file names can be a series of file names or directories. 
- *
+ * To run: java -jar aerospike-import-<version> <options> <file names> *
  * @author Aerospike
  *
  */
@@ -273,16 +250,6 @@ private static AerospikeClient getAerospikeClient(CommandLine cl) {
 			log.error("Client is not able to connect:" + params.hosts);
 			return null;
 		}
-		try {
-			// Check read-write role is given to user.
-			if (!client.queryUser(null, clientPolicy.user).roles.contains(Role.ReadWrite)) {
-				log.error("User role:" + client.queryUser(null, clientPolicy.user).roles.toString() + " Expected:" + Role.ReadWrite);
-				return null;
-			}
-		}
-		catch (AerospikeException e) {
-			// Ignore if security is not enabled.
-		}
 		return client;
 	}