From 347c164c35eddab388009470e6848cb361ac93f8 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 18 May 2024 15:22:53 +0200 Subject: Merging upstream version 1:10.11.8. Signed-off-by: Daniel Baumann --- plugin/hashicorp_key_management/CMakeLists.txt | 7 +- .../hashicorp_key_management_plugin.cc | 80 +++------------------- .../mysql-test/vault/suite.pm | 4 ++ .../vault/t/hashicorp_cache_after_recreate.test | 2 +- .../vault/t/hashicorp_check_kv_version.test | 6 +- .../vault/t/hashicorp_key_migration.test | 2 +- .../vault/t/hashicorp_key_rotation_age.test | 2 +- .../mysql-test/vault/t/hashicorp_mariabackup.opt | 1 + .../mysql-test/vault/t/hashicorp_mariabackup.test | 6 +- .../mysql-test/vault/t/hashicorp_url_prefix.test | 4 +- 10 files changed, 32 insertions(+), 82 deletions(-) create mode 100644 plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_mariabackup.opt (limited to 'plugin/hashicorp_key_management') diff --git a/plugin/hashicorp_key_management/CMakeLists.txt b/plugin/hashicorp_key_management/CMakeLists.txt index bd1eee84..809b480f 100644 --- a/plugin/hashicorp_key_management/CMakeLists.txt +++ b/plugin/hashicorp_key_management/CMakeLists.txt @@ -1,10 +1,13 @@ -INCLUDE(FindCURL) +FIND_PACKAGE(CURL) IF(NOT CURL_FOUND) # Can't build plugin + MESSAGE_ONCE(WARNING "Hashicorp Key Management plugin requires curl development package") RETURN() ENDIF() -INCLUDE_DIRECTORIES(${CURL_INCLUDE_DIR}) +SET_PACKAGE_PROPERTIES(CURL PROPERTIES TYPE REQUIRED) + +INCLUDE_DIRECTORIES(${CURL_INCLUDE_DIRS}) set(CPACK_RPM_hashicorp-key-management_PACKAGE_SUMMARY "Hashicorp Key Management plugin for MariaDB" PARENT_SCOPE) set(CPACK_RPM_hashicorp-key-management_PACKAGE_DESCRIPTION "This encryption plugin uses Hashicorp Vault for storing encryption diff --git a/plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc b/plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc index bdc2f734..dfeb1aca 100644 
--- a/plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc +++ b/plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc @@ -13,28 +13,21 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335 USA */ -#include #include #include +#include #include +#include +#include +#include #include #include #include #include -#ifdef _WIN32 -#include -#define alloca _alloca -#endif #include #include #include -#if defined(__cpp_exceptions) || defined(__EXCEPTIONS) || defined(_CPPUNWIND) -#define HASHICORP_HAVE_EXCEPTIONS 1 -#else -#define HASHICORP_HAVE_EXCEPTIONS 0 -#endif - #define HASHICORP_DEBUG_LOGGING 0 #define PLUGIN_ERROR_HEADER "hashicorp: " @@ -209,15 +202,6 @@ unsigned int if (key_version == ENCRYPTION_KEY_VERSION_INVALID) { clock_t timestamp; -#if HASHICORP_HAVE_EXCEPTIONS - try - { - VER_INFO &ver_info = latest_version_cache.at(key_id); - version = ver_info.key_version; - timestamp = ver_info.timestamp; - } - catch (const std::out_of_range &e) -#else VER_MAP::const_iterator ver_iter = latest_version_cache.find(key_id); if (ver_iter != latest_version_cache.end()) { @@ -225,7 +209,6 @@ unsigned int timestamp = ver_iter->second.timestamp; } else -#endif { mtx.unlock(); return ENCRYPTION_KEY_VERSION_INVALID; @@ -246,13 +229,6 @@ unsigned int } } KEY_INFO info; -#if HASHICORP_HAVE_EXCEPTIONS - try - { - info = key_info_cache.at(KEY_ID_AND_VERSION(key_id, version)); - } - catch (const std::out_of_range &e) -#else KEY_MAP::const_iterator key_iter = key_info_cache.find(KEY_ID_AND_VERSION(key_id, version)); if (key_iter != key_info_cache.end()) @@ -260,7 +236,6 @@ unsigned int info = key_iter->second; } else -#endif { mtx.unlock(); return ENCRYPTION_KEY_VERSION_INVALID; 
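Review bot: Each cache-miss branch kept in these hunks releases the lock by hand (`mtx.unlock(); return ENCRYPTION_KEY_VERSION_INVALID;`), so a return path that forgets the unlock would leave every later key lookup blocked on `mtx`. With the exception-based variant removed there is a single lookup path, which makes this a good moment to hold the lock in a scoped guard instead; assuming `mtx` is a `std::mutex`, that is `std::lock_guard<std::mutex> guard(mtx);` inside a block that ends where the lock is released today. The same manual lock/unlock pattern appears in the `cache_get_version` and `cache_check_version` hunks further down. The enclosing function here starts and ends outside the hunks, so the extent of the guarded block has to be checked against the full body.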
@@ -305,20 +280,12 @@ unsigned int HCData::cache_get_version (unsigned int key_id) { unsigned int version; mtx.lock(); -#if HASHICORP_HAVE_EXCEPTIONS - try - { - version = latest_version_cache.at(key_id).key_version; - } - catch (const std::out_of_range &e) -#else VER_MAP::const_iterator ver_iter = latest_version_cache.find(key_id); if (ver_iter != latest_version_cache.end()) { version = ver_iter->second.key_version; } else -#endif { version = ENCRYPTION_KEY_VERSION_INVALID; } @@ -331,15 +298,6 @@ unsigned int HCData::cache_check_version (unsigned int key_id) unsigned int version; clock_t timestamp; mtx.lock(); -#if HASHICORP_HAVE_EXCEPTIONS - try - { - VER_INFO &ver_info = latest_version_cache.at(key_id); - version = ver_info.key_version; - timestamp = ver_info.timestamp; - } - catch (const std::out_of_range &e) -#else VER_MAP::const_iterator ver_iter = latest_version_cache.find(key_id); if (ver_iter != latest_version_cache.end()) { @@ -347,7 +305,6 @@ unsigned int HCData::cache_check_version (unsigned int key_id) timestamp = ver_iter->second.timestamp; } else -#endif { mtx.unlock(); #if HASHICORP_DEBUG_LOGGING @@ -978,29 +935,6 @@ struct st_mariadb_encryption hashicorp_key_management_plugin= { 0, 0, 0, 0, 0 }; -#ifdef _MSC_VER - -static int setenv (const char *name, const char *value, int overwrite) -{ - if (!overwrite) - { - size_t len= 0; - int rc= getenv_s(&len, NULL, 0, name); - if (rc) - { - return rc; - } - if (len) - { - errno = EINVAL; - return EINVAL; - } - } - return _putenv_s(name, value); -} - -#endif - #define MAX_URL_SIZE 32768 int HCData::init () @@ -1053,7 +987,11 @@ int HCData::init () bool not_equal= token_env != NULL && strcmp(token_env, token) != 0; if (token_env == NULL || not_equal) { - setenv("VAULT_TOKEN", token, 1); +#if defined(HAVE_SETENV) || !defined(_WIN32) + setenv("VAULT_TOKEN", token, 1); +#else + _putenv_s("VAULT_TOKEN", token); +#endif if (not_equal) { my_printf_error(ER_UNKNOWN_ERROR, PLUGIN_ERROR_HEADER 
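Review bot: The result of `setenv("VAULT_TOKEN", token, 1)` and of `_putenv_s("VAULT_TOKEN", token)` is discarded in `HCData::init`, so a failed call leaves the environment without the token (or with the previous one) while initialisation carries on. Checking it, for example `if (setenv("VAULT_TOKEN", token, 1) != 0)` followed by a `my_printf_error` and an error return, would make that failure visible. The call also deserves a comment stating that the token becomes part of the server's environment, `/* VAULT_TOKEN is exported to the process environment; child processes inherit it */`. Since suite.pm in this commit skips the vault suite on Windows, the `_putenv_s` branch is not exercised by these tests. `HCData::init` continues outside the hunk.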
diff --git a/plugin/hashicorp_key_management/mysql-test/vault/suite.pm b/plugin/hashicorp_key_management/mysql-test/vault/suite.pm index fce17373..bd08ff4f 100644 --- a/plugin/hashicorp_key_management/mysql-test/vault/suite.pm +++ b/plugin/hashicorp_key_management/mysql-test/vault/suite.pm @@ -1,9 +1,13 @@ package My::Suite::Vault; +use My::Platform; @ISA = qw(My::Suite); use strict; +return "Hashicorp Key Management plugin tests are currently not available on Windows" + if IS_WINDOWS; + return "You need to set the value of the VAULT_ADDR variable" unless $ENV{VAULT_ADDR}; diff --git a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_cache_after_recreate.test b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_cache_after_recreate.test index 9dee7376..925e89a3 100644 --- a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_cache_after_recreate.test +++ b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_cache_after_recreate.test @@ -11,7 +11,7 @@ --exec vault kv put /bug/1 data=01234567890123456789012345678901 > /dev/null --exec vault kv put /bug/4 data=01234567890123456789012345678904 > /dev/null ---let $restart_parameters=--plugin-load-add=hashicorp_key_management --hashicorp-key-management-vault-url="$VAULT_ADDR/v1/bug/" --hashicorp-key-management-token="$VAULT_TOKEN" +--let $restart_parameters=--plugin-load-add=hashicorp_key_management --hashicorp-key-management-vault-url=$VAULT_ADDR/v1/bug/ --hashicorp-key-management-token=$VAULT_TOKEN --let $restart_noprint=1 --source include/restart_mysqld.inc diff --git a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_check_kv_version.test b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_check_kv_version.test index c108781b..7d9a952f 100644 --- a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_check_kv_version.test +++ b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_check_kv_version.test 
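Review bot: With the quotes removed in hashicorp_cache_after_recreate.test, `$VAULT_ADDR` and `$VAULT_TOKEN` are expanded bare into `$restart_parameters`, so a value containing whitespace would presumably be split into separate server arguments; how `include/restart_mysqld.inc` passes the string on is not visible here. A short comment above the `--let` would record the assumption, `# VAULT_ADDR and VAULT_TOKEN are passed unquoted and must not contain whitespace`. The same applies to the unquoted forms in hashicorp_check_kv_version.test, hashicorp_key_migration.test and hashicorp_url_prefix.test.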
@@ -20,7 +20,7 @@ --error 0,1 --remove_file $LOG_FILE ---let $vault_defaults=--plugin-load-add=hashicorp_key_management --hashicorp_key_management=force --hashicorp-key-management-check-kv-version=on --hashicorp-key-management-token="$VAULT_TOKEN" +--let $vault_defaults=--plugin-load-add=hashicorp_key_management --hashicorp_key_management=force --hashicorp-key-management-check-kv-version=on --hashicorp-key-management-token=$VAULT_TOKEN --let $defaults=--defaults-group-suffix=.1 --defaults-file=$MYSQLTEST_VARDIR/my.cnf $vault_defaults --log-error=$LOG_FILE --error 1 @@ -30,14 +30,14 @@ --remove_file $LOG_FILE ---let $restart_parameters=$vault_defaults --hashicorp-key-management-vault-url="$VAULT_ADDR/v1/good" +--let $restart_parameters=$vault_defaults --hashicorp-key-management-vault-url=$VAULT_ADDR/v1/good --let $restart_noprint=1 --source include/start_mysqld.inc CREATE TABLE t1 (a VARCHAR(8)) ENGINE=InnoDB ENCRYPTED=YES ENCRYPTION_KEY_ID=1; INSERT INTO t1 VALUES ('foo'),('bar'); ---let $restart_parameters=$vault_defaults --hashicorp-key-management-vault-url="$VAULT_ADDR/v1/good//" +--let $restart_parameters=$vault_defaults --hashicorp-key-management-vault-url=$VAULT_ADDR/v1/good// --source include/restart_mysqld.inc CREATE TABLE t2 (a VARCHAR(8)) ENGINE=InnoDB ENCRYPTED=YES ENCRYPTION_KEY_ID=2; diff --git a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_key_migration.test b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_key_migration.test index 2e67c2cc..62253cd7 100644 --- a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_key_migration.test +++ b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_key_migration.test 
@@ -24,7 +24,7 @@ SELECT * FROM t1; --exec vault secrets disable bug > /dev/null --exec vault secrets enable -path /bug -version=2 kv > /dev/null --exec vault kv put /bug/1 data=$my_key > /dev/null ---let $restart_parameters=--plugin-load-add=hashicorp_key_management --hashicorp-key-management-vault-url="$VAULT_ADDR/v1/bug/" --hashicorp-key-management-token="$VAULT_TOKEN" +--let $restart_parameters=--plugin-load-add=hashicorp_key_management --hashicorp-key-management-vault-url=$VAULT_ADDR/v1/bug/ --hashicorp-key-management-token=$VAULT_TOKEN --source include/restart_mysqld.inc CREATE TABLE t2 (a VARCHAR(8)) ENGINE=InnoDB ENCRYPTED=YES ENCRYPTION_KEY_ID=1; diff --git a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_key_rotation_age.test b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_key_rotation_age.test index ce99406a..4cdeb227 100644 --- a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_key_rotation_age.test +++ b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_key_rotation_age.test @@ -8,7 +8,7 @@ replace_result $VAULT_ADDR VAULT_ADDR; SHOW GLOBAL variables LIKE "hashicorp%"; --echo # Restart the server with encryption -let $default_parameters="--innodb-tablespaces-encryption --innodb_encrypt_tables=ON"; +let $default_parameters=--innodb-tablespaces-encryption --innodb_encrypt_tables=ON; let $restart_noprint=1; let $restart_parameters=$default_parameters; --source include/restart_mysqld.inc diff --git a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_mariabackup.opt b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_mariabackup.opt new file mode 100644 index 00000000..1df46435 --- /dev/null +++ b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_mariabackup.opt @@ -0,0 +1 @@ +--innodb --loose-changed_page_bitmaps --innodb-sys-tables --innodb-flush-log-at-trx-commit=2 --sequence 
diff --git a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_mariabackup.test b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_mariabackup.test index 6ade4e11..97753555 100644 --- a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_mariabackup.test +++ b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_mariabackup.test @@ -8,9 +8,13 @@ CREATE TABLE t(i INT) ENGINE INNODB encrypted=yes encryption_key_id=1; INSERT INTO t VALUES(1); -echo # mariabackup backup; let $targetdir=$MYSQLTEST_VARDIR/tmp/backup; +--error 0,1 +rmdir $targetdir; + +echo # mariabackup backup; + --disable_result_log exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup --target-dir=$targetdir; --enable_result_log diff --git a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_url_prefix.test b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_url_prefix.test index 4d26affb..ef88b61c 100644 --- a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_url_prefix.test +++ b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_url_prefix.test @@ -16,7 +16,7 @@ --error 0,1 --remove_file $LOG_FILE ---let $vault_defaults=--plugin-load-add=hashicorp_key_management --hashicorp_key_management=force --hashicorp-key-management-check-kv-version=off --hashicorp-key-management-token="$VAULT_TOKEN" +--let $vault_defaults=--plugin-load-add=hashicorp_key_management --hashicorp_key_management=force --hashicorp-key-management-check-kv-version=off --hashicorp-key-management-token=$VAULT_TOKEN --let $defaults=--defaults-group-suffix=.1 --defaults-file=$MYSQLTEST_VARDIR/my.cnf $vault_defaults --log-error=$LOG_FILE --error 1 
@@ -76,7 +76,7 @@ --remove_file $LOG_FILE ---let $restart_parameters=$vault_defaults --hashicorp-key-management-vault-url="$VAULT_ADDR/v1/bug///" +--let $restart_parameters=$vault_defaults --hashicorp-key-management-vault-url=$VAULT_ADDR/v1/bug/// --let $restart_noprint=1 --source include/start_mysqld.inc -- cgit v1.2.3