mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2026-04-30 20:25:32 +02:00
Code Issues Projects Releases Packages Wiki Activity

AWS KMS plugin : more detailed message when API calls fail.

Browse source 
Output API function name, exception name, exception text
This commit is contained in:
Vladislav Vaintroub 2018-10-03 16:49:19 +01:00
commit 753117fed0
1 changed files with 16 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

29
plugin/aws_key_management/aws_key_management_plugin.cc
View file

@ -106,6 +106,14 @@ static std::mutex mtx;
static Aws::KMS::KMSClient *client;
static void print_kms_error(const char *func, const Aws::Client::AWSError<Aws::KMS::KMSErrors>& err)
{
my_printf_error(ER_UNKNOWN_ERROR,
"AWS KMS plugin : KMS Client API '%s' failed : %s - %s",
ME_ERROR_LOG,
func, err.GetExceptionName().c_str(), err.GetMessage().c_str());
}
#if WITH_AWS_MOCK
/*
Mock routines to test plugin without actual AWS KMS interaction
@ -127,7 +135,7 @@ static int mock_generate_encrypted_key(Aws::Utils::ByteBuffer *result)
}
static int mock_decrypt(Aws::Utils::ByteBuffer input, Aws::Utils::ByteBuffer* output, Aws::String *errmsg)
static int mock_decrypt(Aws::Utils::ByteBuffer input, Aws::Utils::ByteBuffer* output)
{
/* We do not encrypt or decrypt in mock mode.*/
*output = input;
@ -401,14 +409,14 @@ static unsigned int get_latest_key_version_nolock(unsigned int key_id)
}
/* Decrypt Byte buffer with AWS. */
static int aws_decrypt(Aws::Utils::ByteBuffer input, Aws::Utils::ByteBuffer* output, Aws::String *errmsg)
static int aws_decrypt(Aws::Utils::ByteBuffer input, Aws::Utils::ByteBuffer* output)
{
DecryptRequest request;
request.SetCiphertextBlob(input);
DecryptOutcome outcome = client->Decrypt(request);
if (!outcome.IsSuccess())
{
*errmsg = outcome.GetError().GetMessage();
print_kms_error("Decrypt", outcome.GetError());
return -1;
}
*output= outcome.GetResult().GetPlaintext();
@ -416,13 +424,13 @@ static int aws_decrypt(Aws::Utils::ByteBuffer input, Aws::Utils::ByteBuffer* out
}
static int decrypt(Aws::Utils::ByteBuffer input, Aws::Utils::ByteBuffer* output, Aws::String *errmsg)
static int decrypt(Aws::Utils::ByteBuffer input, Aws::Utils::ByteBuffer* output)
{
#if WITH_AWS_MOCK
if(mock)
return mock_decrypt(input,output, errmsg);
return mock_decrypt(input,output);
#endif
return aws_decrypt(input, output, errmsg);
return aws_decrypt(input, output);
}
/*
@ -452,12 +460,9 @@ static int read_and_decrypt_key(const char *path, KEY_INFO *info)
Aws::Utils::ByteBuffer input((unsigned char *)contents.data(), pos);
Aws::Utils::ByteBuffer plaintext;
Aws::String errmsg;
if (decrypt(input, &plaintext, &errmsg))
if (decrypt(input, &plaintext))
{
my_printf_error(ER_UNKNOWN_ERROR, "AWS KMS plugin: Decrypt failed for %s : %s", ME_ERROR_LOG, path,
errmsg.c_str());
return -1;
}
@ -491,9 +496,7 @@ int aws_generate_encrypted_key(Aws::Utils::ByteBuffer *result)
outcome= client->GenerateDataKeyWithoutPlaintext(request);
if (!outcome.IsSuccess())
{
my_printf_error(ER_UNKNOWN_ERROR, "AWS KMS plugin : GenerateDataKeyWithoutPlaintext failed : %s - %s", ME_ERROR_LOG,
outcome.GetError().GetExceptionName().c_str(),
outcome.GetError().GetMessage().c_str());
print_kms_error("GenerateDataKeyWithoutPlaintext", outcome.GetError());
return(-1);
}
*result = outcome.GetResult().GetCiphertextBlob();