authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-18 13:22:53 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-18 13:22:53 +0000
commit347c164c35eddab388009470e6848cb361ac93f8 (patch)
tree2c0c44eac690f510bb0a35b2a13b36d606b77b6b /plugin/hashicorp_key_management
parentReleasing progress-linux version 1:10.11.7-4~progress7.99u1. (diff)
Merging upstream version 1:10.11.8.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'plugin/hashicorp_key_management')
-rw-r--r--plugin/hashicorp_key_management/CMakeLists.txt7
-rw-r--r--plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc80
-rw-r--r--plugin/hashicorp_key_management/mysql-test/vault/suite.pm4
-rw-r--r--plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_cache_after_recreate.test2
-rw-r--r--plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_check_kv_version.test6
-rw-r--r--plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_key_migration.test2
-rw-r--r--plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_key_rotation_age.test2
-rw-r--r--plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_mariabackup.opt1
-rw-r--r--plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_mariabackup.test6
-rw-r--r--plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_url_prefix.test4
10 files changed, 32 insertions, 82 deletions
diff --git a/plugin/hashicorp_key_management/CMakeLists.txt b/plugin/hashicorp_key_management/CMakeLists.txt
index bd1eee84..809b480f 100644
--- a/plugin/hashicorp_key_management/CMakeLists.txt
+++ b/plugin/hashicorp_key_management/CMakeLists.txt
@@ -1,10 +1,13 @@
-INCLUDE(FindCURL)
+FIND_PACKAGE(CURL)
IF(NOT CURL_FOUND)
# Can't build plugin
+ MESSAGE_ONCE(WARNING "Hashicorp Key Management plugin requires curl development package")
RETURN()
ENDIF()
-INCLUDE_DIRECTORIES(${CURL_INCLUDE_DIR})
+SET_PACKAGE_PROPERTIES(CURL PROPERTIES TYPE REQUIRED)
+
+INCLUDE_DIRECTORIES(${CURL_INCLUDE_DIRS})
set(CPACK_RPM_hashicorp-key-management_PACKAGE_SUMMARY "Hashicorp Key Management plugin for MariaDB" PARENT_SCOPE)
set(CPACK_RPM_hashicorp-key-management_PACKAGE_DESCRIPTION "This encryption plugin uses Hashicorp Vault for storing encryption
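Review bot: `SET_PACKAGE_PROPERTIES(CURL PROPERTIES TYPE REQUIRED)` sits after the `IF(NOT CURL_FOUND) ... RETURN()` block, so it only runs when curl was found and never marks the package as required when it is missing. The not-found branch also just warns and skips the plugin, which treats curl as optional and contradicts the `REQUIRED` type. Either move the call above the `IF`, or keep the skip behaviour and declare what the code actually does, e.g. `SET_PACKAGE_PROPERTIES(CURL PROPERTIES TYPE RECOMMENDED)`. Whether the top-level build prints a feature summary that would act on this is not visible here. Packagers who rely on this plugin for data-at-rest encryption should be aware that a missing curl development package produces a server without it, with only a warning.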
diff --git a/plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc b/plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc
index bdc2f734..dfeb1aca 100644
--- a/plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc
+++ b/plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc
@@ -13,28 +13,21 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335 USA */
-#include <my_global.h>
#include <mysql/plugin_encryption.h>
#include <mysqld_error.h>
+#include <my_alloca.h>
#include <string.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <time.h>
#include <errno.h>
#include <string>
#include <sstream>
#include <curl/curl.h>
-#ifdef _WIN32
-#include <malloc.h>
-#define alloca _alloca
-#endif
#include <algorithm>
#include <unordered_map>
#include <mutex>
-#if defined(__cpp_exceptions) || defined(__EXCEPTIONS) || defined(_CPPUNWIND)
-#define HASHICORP_HAVE_EXCEPTIONS 1
-#else
-#define HASHICORP_HAVE_EXCEPTIONS 0
-#endif
-
#define HASHICORP_DEBUG_LOGGING 0
#define PLUGIN_ERROR_HEADER "hashicorp: "
@@ -209,15 +202,6 @@ unsigned int
if (key_version == ENCRYPTION_KEY_VERSION_INVALID)
{
clock_t timestamp;
-#if HASHICORP_HAVE_EXCEPTIONS
- try
- {
- VER_INFO &ver_info = latest_version_cache.at(key_id);
- version = ver_info.key_version;
- timestamp = ver_info.timestamp;
- }
- catch (const std::out_of_range &e)
-#else
VER_MAP::const_iterator ver_iter = latest_version_cache.find(key_id);
if (ver_iter != latest_version_cache.end())
{
@@ -225,7 +209,6 @@ unsigned int
timestamp = ver_iter->second.timestamp;
}
else
-#endif
{
mtx.unlock();
return ENCRYPTION_KEY_VERSION_INVALID;
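Review bot: With the `try`/`catch` variant removed, every early return in this function has to pair its own `mtx.unlock()` with the `mtx.lock()` taken earlier, as in the `else` branch here. The `key_info_cache` lookup further down and `HCData::cache_check_version` follow the same pattern. A scoped lock would make a missed unlock on a future return path impossible, e.g. `std::unique_lock<std::mutex> lock(mtx);` at the point of locking, with `lock.unlock()` only where the mutex must be released before slow work. This assumes `mtx` is a `std::mutex`, which the `<mutex>` include suggests but the hunk does not show. The function starts and ends outside the hunk, so the full set of return paths is not visible here.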
@@ -246,13 +229,6 @@ unsigned int
}
}
KEY_INFO info;
-#if HASHICORP_HAVE_EXCEPTIONS
- try
- {
- info = key_info_cache.at(KEY_ID_AND_VERSION(key_id, version));
- }
- catch (const std::out_of_range &e)
-#else
KEY_MAP::const_iterator key_iter =
key_info_cache.find(KEY_ID_AND_VERSION(key_id, version));
if (key_iter != key_info_cache.end())
@@ -260,7 +236,6 @@ unsigned int
info = key_iter->second;
}
else
-#endif
{
mtx.unlock();
return ENCRYPTION_KEY_VERSION_INVALID;
@@ -305,20 +280,12 @@ unsigned int HCData::cache_get_version (unsigned int key_id)
{
unsigned int version;
mtx.lock();
-#if HASHICORP_HAVE_EXCEPTIONS
- try
- {
- version = latest_version_cache.at(key_id).key_version;
- }
- catch (const std::out_of_range &e)
-#else
VER_MAP::const_iterator ver_iter = latest_version_cache.find(key_id);
if (ver_iter != latest_version_cache.end())
{
version = ver_iter->second.key_version;
}
else
-#endif
{
version = ENCRYPTION_KEY_VERSION_INVALID;
}
@@ -331,15 +298,6 @@ unsigned int HCData::cache_check_version (unsigned int key_id)
unsigned int version;
clock_t timestamp;
mtx.lock();
-#if HASHICORP_HAVE_EXCEPTIONS
- try
- {
- VER_INFO &ver_info = latest_version_cache.at(key_id);
- version = ver_info.key_version;
- timestamp = ver_info.timestamp;
- }
- catch (const std::out_of_range &e)
-#else
VER_MAP::const_iterator ver_iter = latest_version_cache.find(key_id);
if (ver_iter != latest_version_cache.end())
{
@@ -347,7 +305,6 @@ unsigned int HCData::cache_check_version (unsigned int key_id)
timestamp = ver_iter->second.timestamp;
}
else
-#endif
{
mtx.unlock();
#if HASHICORP_DEBUG_LOGGING
@@ -978,29 +935,6 @@ struct st_mariadb_encryption hashicorp_key_management_plugin= {
0, 0, 0, 0, 0
};
-#ifdef _MSC_VER
-
-static int setenv (const char *name, const char *value, int overwrite)
-{
- if (!overwrite)
- {
- size_t len= 0;
- int rc= getenv_s(&len, NULL, 0, name);
- if (rc)
- {
- return rc;
- }
- if (len)
- {
- errno = EINVAL;
- return EINVAL;
- }
- }
- return _putenv_s(name, value);
-}
-
-#endif
-
#define MAX_URL_SIZE 32768
int HCData::init ()
@@ -1053,7 +987,11 @@ int HCData::init ()
bool not_equal= token_env != NULL && strcmp(token_env, token) != 0;
if (token_env == NULL || not_equal)
{
- setenv("VAULT_TOKEN", token, 1);
+#if defined(HAVE_SETENV) || !defined(_WIN32)
+ setenv("VAULT_TOKEN", token, 1);
+#else
+ _putenv_s("VAULT_TOKEN", token);
+#endif
if (not_equal)
{
my_printf_error(ER_UNKNOWN_ERROR, PLUGIN_ERROR_HEADER
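Review bot: The result of `setenv("VAULT_TOKEN", token, 1)` and of `_putenv_s("VAULT_TOKEN", token)` is discarded, so if either call fails the plugin carries on with the environment and the configured token out of step and nothing is logged. Both report failure through a non-zero return, so the two calls could assign to a local, e.g. `int rc= setenv("VAULT_TOKEN", token, 1);`, and a non-zero `rc` could be reported through `my_printf_error` before `init()` decides whether to continue. Note also that a token exported this way is inherited by any child process the server starts, which is worth a comment at this call. `HCData::init()` begins and ends outside the hunk, so how it signals failure to its caller is not visible here.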
diff --git a/plugin/hashicorp_key_management/mysql-test/vault/suite.pm b/plugin/hashicorp_key_management/mysql-test/vault/suite.pm
index fce17373..bd08ff4f 100644
--- a/plugin/hashicorp_key_management/mysql-test/vault/suite.pm
+++ b/plugin/hashicorp_key_management/mysql-test/vault/suite.pm
@@ -1,9 +1,13 @@
package My::Suite::Vault;
+use My::Platform;
@ISA = qw(My::Suite);
use strict;
+return "Hashicorp Key Management plugin tests are currently not available on Windows"
+ if IS_WINDOWS;
+
return "You need to set the value of the VAULT_ADDR variable"
unless $ENV{VAULT_ADDR};
diff --git a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_cache_after_recreate.test b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_cache_after_recreate.test
index 9dee7376..925e89a3 100644
--- a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_cache_after_recreate.test
+++ b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_cache_after_recreate.test
@@ -11,7 +11,7 @@
--exec vault kv put /bug/1 data=01234567890123456789012345678901 > /dev/null
--exec vault kv put /bug/4 data=01234567890123456789012345678904 > /dev/null
---let $restart_parameters=--plugin-load-add=hashicorp_key_management --hashicorp-key-management-vault-url="$VAULT_ADDR/v1/bug/" --hashicorp-key-management-token="$VAULT_TOKEN"
+--let $restart_parameters=--plugin-load-add=hashicorp_key_management --hashicorp-key-management-vault-url=$VAULT_ADDR/v1/bug/ --hashicorp-key-management-token=$VAULT_TOKEN
--let $restart_noprint=1
--source include/restart_mysqld.inc
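Review bot: Nothing in this file says why `--hashicorp-key-management-vault-url` and `--hashicorp-key-management-token` now take `$VAULT_ADDR` and `$VAULT_TOKEN` unquoted, so a later edit could easily put the quotes back. A comment above the `--let $restart_parameters` line would record it, for example `# Option values are passed unquoted; VAULT_ADDR and VAULT_TOKEN must not contain whitespace`. The same applies to the matching changes in hashicorp_check_kv_version.test, hashicorp_key_migration.test and hashicorp_url_prefix.test. The whitespace constraint is inferred from the unquoted form and is not stated on the page, so confirm it against how the restart parameters are parsed.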
diff --git a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_check_kv_version.test b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_check_kv_version.test
index c108781b..7d9a952f 100644
--- a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_check_kv_version.test
+++ b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_check_kv_version.test
@@ -20,7 +20,7 @@
--error 0,1
--remove_file $LOG_FILE
---let $vault_defaults=--plugin-load-add=hashicorp_key_management --hashicorp_key_management=force --hashicorp-key-management-check-kv-version=on --hashicorp-key-management-token="$VAULT_TOKEN"
+--let $vault_defaults=--plugin-load-add=hashicorp_key_management --hashicorp_key_management=force --hashicorp-key-management-check-kv-version=on --hashicorp-key-management-token=$VAULT_TOKEN
--let $defaults=--defaults-group-suffix=.1 --defaults-file=$MYSQLTEST_VARDIR/my.cnf $vault_defaults --log-error=$LOG_FILE
--error 1
@@ -30,14 +30,14 @@
--remove_file $LOG_FILE
---let $restart_parameters=$vault_defaults --hashicorp-key-management-vault-url="$VAULT_ADDR/v1/good"
+--let $restart_parameters=$vault_defaults --hashicorp-key-management-vault-url=$VAULT_ADDR/v1/good
--let $restart_noprint=1
--source include/start_mysqld.inc
CREATE TABLE t1 (a VARCHAR(8)) ENGINE=InnoDB ENCRYPTED=YES ENCRYPTION_KEY_ID=1;
INSERT INTO t1 VALUES ('foo'),('bar');
---let $restart_parameters=$vault_defaults --hashicorp-key-management-vault-url="$VAULT_ADDR/v1/good//"
+--let $restart_parameters=$vault_defaults --hashicorp-key-management-vault-url=$VAULT_ADDR/v1/good//
--source include/restart_mysqld.inc
CREATE TABLE t2 (a VARCHAR(8)) ENGINE=InnoDB ENCRYPTED=YES ENCRYPTION_KEY_ID=2;
diff --git a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_key_migration.test b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_key_migration.test
index 2e67c2cc..62253cd7 100644
--- a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_key_migration.test
+++ b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_key_migration.test
@@ -24,7 +24,7 @@ SELECT * FROM t1;
--exec vault secrets disable bug > /dev/null
--exec vault secrets enable -path /bug -version=2 kv > /dev/null
--exec vault kv put /bug/1 data=$my_key > /dev/null
---let $restart_parameters=--plugin-load-add=hashicorp_key_management --hashicorp-key-management-vault-url="$VAULT_ADDR/v1/bug/" --hashicorp-key-management-token="$VAULT_TOKEN"
+--let $restart_parameters=--plugin-load-add=hashicorp_key_management --hashicorp-key-management-vault-url=$VAULT_ADDR/v1/bug/ --hashicorp-key-management-token=$VAULT_TOKEN
--source include/restart_mysqld.inc
CREATE TABLE t2 (a VARCHAR(8)) ENGINE=InnoDB ENCRYPTED=YES ENCRYPTION_KEY_ID=1;
diff --git a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_key_rotation_age.test b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_key_rotation_age.test
index ce99406a..4cdeb227 100644
--- a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_key_rotation_age.test
+++ b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_key_rotation_age.test
@@ -8,7 +8,7 @@ replace_result $VAULT_ADDR VAULT_ADDR;
SHOW GLOBAL variables LIKE "hashicorp%";
--echo # Restart the server with encryption
-let $default_parameters="--innodb-tablespaces-encryption --innodb_encrypt_tables=ON";
+let $default_parameters=--innodb-tablespaces-encryption --innodb_encrypt_tables=ON;
let $restart_noprint=1;
let $restart_parameters=$default_parameters;
--source include/restart_mysqld.inc
diff --git a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_mariabackup.opt b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_mariabackup.opt
new file mode 100644
index 00000000..1df46435
--- /dev/null
+++ b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_mariabackup.opt
@@ -0,0 +1 @@
+--innodb --loose-changed_page_bitmaps --innodb-sys-tables --innodb-flush-log-at-trx-commit=2 --sequence
diff --git a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_mariabackup.test b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_mariabackup.test
index 6ade4e11..97753555 100644
--- a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_mariabackup.test
+++ b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_mariabackup.test
@@ -8,9 +8,13 @@
CREATE TABLE t(i INT) ENGINE INNODB encrypted=yes encryption_key_id=1;
INSERT INTO t VALUES(1);
-echo # mariabackup backup;
let $targetdir=$MYSQLTEST_VARDIR/tmp/backup;
+--error 0,1
+rmdir $targetdir;
+
+echo # mariabackup backup;
+
--disable_result_log
exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup --target-dir=$targetdir;
--enable_result_log
diff --git a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_url_prefix.test b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_url_prefix.test
index 4d26affb..ef88b61c 100644
--- a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_url_prefix.test
+++ b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_url_prefix.test
@@ -16,7 +16,7 @@
--error 0,1
--remove_file $LOG_FILE
---let $vault_defaults=--plugin-load-add=hashicorp_key_management --hashicorp_key_management=force --hashicorp-key-management-check-kv-version=off --hashicorp-key-management-token="$VAULT_TOKEN"
+--let $vault_defaults=--plugin-load-add=hashicorp_key_management --hashicorp_key_management=force --hashicorp-key-management-check-kv-version=off --hashicorp-key-management-token=$VAULT_TOKEN
--let $defaults=--defaults-group-suffix=.1 --defaults-file=$MYSQLTEST_VARDIR/my.cnf $vault_defaults --log-error=$LOG_FILE
--error 1
@@ -76,7 +76,7 @@
--remove_file $LOG_FILE
---let $restart_parameters=$vault_defaults --hashicorp-key-management-vault-url="$VAULT_ADDR/v1/bug///"
+--let $restart_parameters=$vault_defaults --hashicorp-key-management-vault-url=$VAULT_ADDR/v1/bug///
--let $restart_noprint=1
--source include/start_mysqld.inc