本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
通过 Gremlin Go 使用 IAM 身份验证连接到 Amazon Neptune 数据库
概述
本指南演示如何使用 Gremlin Go 驱动程序、签名版本 4 身份验证和适用于 GO v2 的Amazon软件开发工具包连接到启用 IAM 身份验证的 Amazon Neptune 数据库。
先决条件
-
启用 IAM 身份验证的 Amazon Neptune 集群。
-
Go 1.22 或更高版本(请参阅支持的 Gremlin Go
和适用于 Go v2 的 Amazon SDK 的最低版本)。 -
Amazon已配置证书(通过环境变量、共享凭证文件或 IAM 角色)
创建基本连接
使用以下代码示例作为指导,了解如何使用 Gremlin Go 驱动程序与 IAM 身份验证建立基本连接。
package main import ( "context" "fmt" "github.com/aws/aws-sdk-go-v2/config" "net/http" "strings" "time" gremlingo "github.com/apache/tinkerpop/gremlin-go/v3/driver" v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" ) const emptyStringSHA256 = `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` func main() { neptuneEndpoint := "you.cluster.endpoint.neptune.amazonaws.com" connString := "wss://" + neptuneEndpoint + ":8182/gremlin" service := "neptune-db" defaultRegion := "us-east-1" // Create request to sign req, err := http.NewRequest(http.MethodGet, connString, strings.NewReader("")) if err != nil { fmt.Println(err) return } // Loads the default config with default credentials provider // See https://github.com/aws/aws-sdk-go-v2 for additional docs on API usage cfg, err := config.LoadDefaultConfig(context.TODO()) if err != nil { fmt.Println(err) return } // Retrieve loaded credentials cr, err := cfg.Credentials.Retrieve(context.TODO()) if err != nil { fmt.Println(err) return } region := defaultRegion if cfg.Region != "" { // region set inside config profile, or via AWS_REGION or AWS_DEFAULT_REGION environment variable will be loaded region = cfg.Region } signer := v4.NewSigner() // Sign request err = signer.SignHTTP(context.TODO(), cr, req, emptyStringSHA256, service, "us-east-2", time.Now()) if err != nil { fmt.Println(err) return } // Pass the signed request header into gremlingo.HeaderAuthInfo() driverRemoteConnection, err := gremlingo.NewDriverRemoteConnection(connString, func(settings *gremlingo.DriverRemoteConnectionSettings) { settings.TraversalSource = "g" settings.AuthInfo = gremlingo.HeaderAuthInfo(req.Header) // settings.TlsConfig = &tls.Config{InsecureSkipVerify: true} // Use this only if you're on a Mac running Go 1.18+ doing local dev. See https://github.com/golang/go/issues/51991 }) if err != nil { fmt.Println(err) return } // Cleanup defer driverRemoteConnection.Close() // Creating graph traversal g := gremlingo.Traversal_().WithRemote(driverRemoteConnection) // Query execution count, err := g.V().Limit(5).Count().Next() if err != nil { fmt.Println(err) return } fmt.Println("Vertex count:", *count) }
Gremlin Go 动态凭证刷新
Gremlin Go 允许注入函数指针来检索凭据并生成标头,从而防止长时间运行的连接导致标头过期。 DynamicAuth
package main import ( "context" "crypto/tls" "fmt" "github.com/aws/aws-sdk-go-v2/config" "net/http" "strings" "time" gremlingo "github.com/apache/tinkerpop/gremlin-go/v3/driver" v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" ) const emptyStringSHA256 = `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` func main() { neptuneEndpoint := "you.cluster.endpoint.neptune.amazonaws.com" connString := "wss://" + neptuneEndpoint + ":8182/gremlin" service := "neptune-db" defaultRegion := "us-east-1" //Create the request to sign req, err := http.NewRequest(http.MethodGet, connString, strings.NewReader("")) if err != nil { fmt.Println(err) return } // Loads the default config with default credentials provider // See https://github.com/aws/aws-sdk-go-v2 for additional docs on API usage cfg, err := config.LoadDefaultConfig(context.TODO()) if err != nil { fmt.Println(err) return } region := defaultRegion if cfg.Region != "" { // region set inside config profile, or via AWS_REGION or AWS_DEFAULT_REGION environment variable will be loaded region = cfg.Region } signer := v4.NewSigner() // This is the function that will be used for dynamic refreseh of credentials and signed headers gen := func() gremlingo.AuthInfoProvider { // Retrieve loaded credentials cr, err := cfg.Credentials.Retrieve(context.TODO()) fmt.Println("AWS Credentials: ", cr) if err != nil { fmt.Println(err) return } // Sign request err = signer.SignHTTP(context.TODO(), cr, req, emptyStringSHA256, service, region, time.Now()) if err != nil { fmt.Println(err) return } fmt.Println(req.Header) return gremlingo.HeaderAuthInfo(req.Header) } // Pass the function into gremlingo.NewDynamicAuth(), which will generate the AuthInfoProvider to pass into gremlingo.DriverRemoteConnectionSettings below auth := gremlingo.NewDynamicAuth(gen) driverRemoteConnection, err := gremlingo.NewDriverRemoteConnection(connString, func(settings *gremlingo.DriverRemoteConnectionSettings) { settings.TraversalSource = "g" settings.AuthInfo = auth // settings.TlsConfig = &tls.Config{InsecureSkipVerify: true} // Use this only if you're on a Mac running Go 1.18+ doing local dev. See https://github.com/golang/go/issues/51991 }) if err != nil { fmt.Println(err) return } // Cleanup defer driverRemoteConnection.Close() // Creating graph traversal g := gremlingo.Traversal_().WithRemote(driverRemoteConnection) // Query execution count, err := g.V().Limit(5).Count().Next() if err != nil { fmt.Println(err) return } fmt.Println("Vertex count:", *count) }