Feature - Vault Integration Phase2

.dockerignore

@@ -17,7 +17,9 @@ LICENSE
 # Build artifacts (exclude, will be built in container)
 build/
 target/
+**/target/
 dist/
+clients/
 *.o
 *.so
 *.dylib

Dockerfile

@@ -16,7 +16,7 @@
 # ============================================================================
 # Stage 1: Base builder with all dependencies
 # ============================================================================
-FROM golang:1.24-alpine AS builder-base
+FROM golang:1.25-alpine AS builder-base
 
 # Install build dependencies (cached layer)
 RUN apk add --no-cache \

cmd/prism-admin/backend_assignment.go

@@ -0,0 +1,176 @@
+package main
+
+import (
+	"context"
+	"fmt"
+
+	configv1 "github.com/jrepp/prism-data-layer/pkg/plugin/gen/prism/config/v1"
+)
+
+// BackendAssigner implements Layer 4: Backend Assignment
+// Assigns specific backend instances to pattern slots.
+type BackendAssigner struct {
+	storage *Storage
+}
+
+// NewBackendAssigner creates a new backend assigner
+func NewBackendAssigner(storage *Storage) *BackendAssigner {
+	return &BackendAssigner{
+		storage: storage,
+	}
+}
+
+// AssignBackends performs backend assignment for pattern slots.
+//
+// Layer 4 responsibilities (RFC-056):
+// - Map slots to actual backend instances
+// - Select backends based on requirements and availability
+// - Generate slot bindings with connection info
+// - Handle multi-tenancy and isolation requirements
+//
+// For now, this is a simple implementation that:
+// 1. Creates default backend instances based on slot backend_type
+// 2. Generates connection strings (localhost for dev)
+// 3. Returns slot bindings ready for deployment
+//
+// Future enhancements:
+// - Query backend registry for available backends
+// - Select backends based on region, capacity, cost
+// - Handle backend pooling and multi-tenancy
+// - Generate dynamic credentials via Vault
+// - Implement backend health checking
+func (ba *BackendAssigner) AssignBackends(
+	ctx context.Context,
+	req *configv1.NamespaceRequest,
+) ([]*configv1.SlotBinding, error) {
+	if req == nil {
+		return nil, fmt.Errorf("namespace request is nil")
+	}
+
+	var bindings []*configv1.SlotBinding
+
+	// Process each pattern's slots
+	for _, pattern := range req.Patterns {
+		// Process requires slots
+		for _, slot := range pattern.Requires {
+			binding, err := ba.createSlotBinding(ctx, req.Namespace, pattern.Name, slot)
+			if err != nil {
+				return nil, fmt.Errorf("pattern %s, slot %s: %w", pattern.Name, slot.Name, err)
+			}
+			bindings = append(bindings, binding)
+		}
+
+		// Process produces slots
+		for _, slot := range pattern.Produces {
+			binding, err := ba.createSlotBinding(ctx, req.Namespace, pattern.Name, slot)
+			if err != nil {
+				return nil, fmt.Errorf("pattern %s, slot %s: %w", pattern.Name, slot.Name, err)
+			}
+			bindings = append(bindings, binding)
+		}
+	}
+
+	return bindings, nil
+}
+
+// createSlotBinding creates a slot binding for a specific slot.
+//
+// This generates the backend connection configuration including:
+// - Backend instance ID
+// - Connection endpoint
+// - Credential path (vault:// for dynamic credentials)
+// - Status and metadata
+func (ba *BackendAssigner) createSlotBinding(
+	ctx context.Context,
+	namespace string,
+	patternName string,
+	slot *configv1.Slot,
+) (*configv1.SlotBinding, error) {
+	// Generate backend instance ID
+	backendID := fmt.Sprintf("%s-%s-%s", namespace, patternName, slot.Name)
+
+	// Get connection endpoint based on backend type
+	endpoint, err := ba.getBackendEndpoint(slot.BackendType)
+	if err != nil {
+		return nil, err
+	}
+
+	// Determine credential source
+	credentialSource := fmt.Sprintf(
+		"vault://secret/data/prism/%s/%s/%s",
+		namespace,
+		patternName,
+		slot.Name,
+	)
+	if slot.Config != nil && slot.Config.CredentialPath != "" {
+		credentialSource = slot.Config.CredentialPath
+	}
+
+	// Create slot binding
+	binding := &configv1.SlotBinding{
+		PatternName:      patternName,
+		SlotName:         slot.Name,
+		BackendId:        backendID,
+		BackendEndpoint:  endpoint,
+		CredentialSource: credentialSource,
+	}
+
+	return binding, nil
+}
+
+// getBackendEndpoint returns the connection endpoint for a backend type.
+//
+// This returns default local endpoints for development.
+// In production, this would query a backend registry service.
+func (ba *BackendAssigner) getBackendEndpoint(backendType configv1.BackendType) (string, error) {
+	switch backendType {
+	case configv1.BackendType_BACKEND_TYPE_REDIS:
+		return "localhost:6379", nil
+	case configv1.BackendType_BACKEND_TYPE_POSTGRES:
+		return "localhost:5432", nil
+	case configv1.BackendType_BACKEND_TYPE_KAFKA:
+		return "localhost:9092", nil
+	case configv1.BackendType_BACKEND_TYPE_NATS:
+		return "localhost:4222", nil
+	case configv1.BackendType_BACKEND_TYPE_NEPTUNE:
+		return "", fmt.Errorf("Neptune backend requires AWS configuration")
+	case configv1.BackendType_BACKEND_TYPE_SQLITE:
+		return "/tmp/prism.db", nil
+	case configv1.BackendType_BACKEND_TYPE_S3:
+		return "localhost:9000", nil // MinIO
+	case configv1.BackendType_BACKEND_TYPE_SQS:
+		return "", fmt.Errorf("SQS backend requires AWS configuration")
+	case configv1.BackendType_BACKEND_TYPE_MEMSTORE:
+		return "memory://", nil
+	default:
+		return "", fmt.Errorf("unsupported backend type: %v", backendType)
+	}
+}
+
+// ValidateBackendAvailability checks if requested backends are available.
+//
+// This would:
+// - Check backend registry for availability
+// - Verify region/zone requirements
+// - Check capacity and resource limits
+// - Validate backend version compatibility
+//
+// For now, we just verify that we can map to an endpoint.
+func (ba *BackendAssigner) ValidateBackendAvailability(
+	ctx context.Context,
+	patterns []*configv1.Pattern,
+) error {
+	for _, pattern := range patterns {
+		for _, slot := range pattern.Requires {
+			if _, err := ba.getBackendEndpoint(slot.BackendType); err != nil {
+				return fmt.Errorf("pattern %s, slot %s: %w", pattern.Name, slot.Name, err)
+			}
+		}
+		for _, slot := range pattern.Produces {
+			if _, err := ba.getBackendEndpoint(slot.BackendType); err != nil {
+				return fmt.Errorf("pattern %s, slot %s: %w", pattern.Name, slot.Name, err)
+			}
+		}
+	}
+	return nil
+}

cmd/prism-admin/control_plane.go

@@ -9,23 +9,27 @@ import (
 
 	pb "github.com/jrepp/prism-data-layer/pkg/plugin/gen/prism"
 	adminpb "github.com/jrepp/prism-data-layer/pkg/plugin/gen/prism/admin"
+	configv1 "github.com/jrepp/prism-data-layer/pkg/plugin/gen/prism/config/v1"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
 
 // ControlPlaneService implements the ControlPlane gRPC service
 type ControlPlaneService struct {
 	pb.UnimplementedControlPlaneServer
-	storage    *Storage
-	partitions *PartitionManager
-	mu         sync.RWMutex
+	storage          *Storage
+	partitions       *PartitionManager
+	namespaceHandler *NamespaceHandler
+	mu               sync.RWMutex
 }
 
 // NewControlPlaneService creates a new control plane service
 func NewControlPlaneService(storage *Storage) *ControlPlaneService {
+	partitions := NewPartitionManager()
 	return &ControlPlaneService{
-		storage:    storage,
-		partitions: NewPartitionManager(),
+		storage:          storage,
+		partitions:       partitions,
+		namespaceHandler: NewNamespaceHandler(storage, partitions),
 	}
 }
 
@@ -99,50 +103,21 @@ func (s *ControlPlaneService) AssignNamespace(
 	}, nil
 }
 
-// CreateNamespace handles client-initiated namespace creation requests
+// CreateNamespace handles unified namespace creation requests
+// This implements the new protobuf-first namespace model with:
+// - Multi-pattern composition
+// - Slot-based backend dependencies
+// - Session-aware patterns
+// - Pattern selection (Layer 3)
+// - Backend assignment (Layer 4)
 func (s *ControlPlaneService) CreateNamespace(
 	ctx context.Context,
-	req *pb.CreateNamespaceRequest,
-) (*pb.CreateNamespaceResponse, error) {
+	req *configv1.NamespaceRequest,
+) (*configv1.NamespaceResponse, error) {
 	s.mu.Lock()
 	defer s.mu.Unlock()
 
-	fmt.Printf("[ControlPlane] CreateNamespace: namespace=%s, requesting_proxy=%s, principal=%s\n",
-		req.Namespace, req.RequestingProxy, req.Principal)
-
-	// Calculate partition ID for this namespace
-	partitionID := s.partitions.HashNamespace(req.Namespace)
-
-	// Find proxy assigned to this partition
-	// TODO: Query from storage - for now return error
-	var proxies []*adminpb.ProxyEntry
-	proxyID, err := s.partitions.GetProxyForPartitionFromSet(partitionID, proxies)
-	if err != nil {
-		return nil, status.Errorf(codes.FailedPrecondition,
-			"no proxy assigned to partition %d: %v", partitionID, err)
-	}
-
-	// Persist namespace in storage
-	ns := &Namespace{
-		Name:        req.Namespace,
-		Description: fmt.Sprintf("Created via %s by %s", req.RequestingProxy, req.Principal),
-	}
-
-	if err := s.storage.CreateNamespace(ctx, ns); err != nil {
-		return nil, status.Errorf(codes.Internal, "failed to create namespace: %v", err)
-	}
-
-	fmt.Printf("[ControlPlane] Namespace created: %s → partition %d → proxy %s\n",
-		req.Namespace, partitionID, proxyID)
-
-	// TODO: Send NamespaceAssignment to the assigned proxy
-
-	return &pb.CreateNamespaceResponse{
-		Success:           true,
-		Message:           "Namespace created successfully",
-		AssignedPartition: partitionID,
-		AssignedProxy:     proxyID,
-	}, nil
+	return s.namespaceHandler.CreateNamespace(ctx, req)
 }
 
 // Heartbeat receives periodic health updates from proxies