mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2026-05-17 20:37:12 +02:00
Code Issues Projects Releases Packages Wiki Activity

MDEV-38203 Hashicorp plugin lets keys timeout and doesn't use cached keys on vault errors

Browse source 
* let use_cache_on_timeout apply to other errors
* enable use_cache_on_timeout by default and deprecate it
* increase cache_timeout to max and deprecate it
* change it from long to portable longlong
* delete both in 13.3
This commit is contained in:
Sergei Golubchik 2025-12-02 19:21:00 +01:00
commit b998e3a7b9
4 changed files with 21 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

24
plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc
View file

@ -343,9 +343,11 @@ static int timeout;
static int max_retries;
static char caching_enabled;
static char check_kv_version;
static long cache_timeout; // for KEY_MAP key_info_cache
static long cache_version_timeout; // for VER_MAP latest_version_cache
#if MYSQL_VERSION_ID < 130300
static long long cache_timeout; // for KEY_MAP key_info_cache
static char use_cache_on_timeout;
#endif
static long cache_version_timeout; // for VER_MAP latest_version_cache
static MYSQL_SYSVAR_STR(vault_ca, vault_ca,
PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_READONLY,
@ -391,15 +393,15 @@ static void cache_timeout_update (MYSQL_THD thd,
void *var_ptr,
const void *save)
{
long timeout = * (long *) save;
* (long *) var_ptr = timeout;
long long timeout = * (long long *) save;
* (long long *) var_ptr = timeout;
cache_max_time = ms_to_ticks(timeout);
}
static MYSQL_SYSVAR_LONG(cache_timeout, cache_timeout,
PLUGIN_VAR_RQCMDARG,
static MYSQL_SYSVAR_LONGLONG(cache_timeout, cache_timeout,
PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_DEPRECATED,
"Cache timeout for key data (in milliseconds)",
NULL, cache_timeout_update, 24*60*60*1000, 0, LONG_MAX, 1);
NULL, cache_timeout_update, INT64_MAX, 0, INT64_MAX, 1);
static void
cache_version_timeout_update (MYSQL_THD thd,
@ -418,10 +420,10 @@ static MYSQL_SYSVAR_LONG(cache_version_timeout, cache_version_timeout,
NULL, cache_version_timeout_update, 60*1000, 0, LONG_MAX, 1);
static MYSQL_SYSVAR_BOOL(use_cache_on_timeout, use_cache_on_timeout,
PLUGIN_VAR_RQCMDARG,
"In case of timeout (when accessing the vault server) "
PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_DEPRECATED,
"In case of an error when accessing the vault server "
"use the value taken from the cache",
NULL, NULL, 0);
NULL, NULL, 1);
static struct st_mysql_sys_var *settings[] = {
MYSQL_SYSVAR(vault_url),
@ -532,7 +534,7 @@ int HCData::curl_run (const char *url, std::string *response,
&http_code)) != CURLE_OK)
{
curl_easy_cleanup(curl);
if (soft_timeout && curl_res == CURLE_OPERATION_TIMEDOUT)
if (soft_timeout)
{
return OPERATION_TIMEOUT;
}

4
plugin/hashicorp_key_management/mysql-test/vault/r/hashicorp_cache_timeout_update.result
View file

@ -6,12 +6,16 @@ SELECT
SET GLOBAL
HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT= 1,
HASHICORP_KEY_MANAGEMENT_CACHE_TIMEOUT= 1;
Warnings:
Warning 1287 '@@hashicorp_key_management_cache_timeout' is deprecated and will be removed in a future release
SELECT
@@HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT,
@@HASHICORP_KEY_MANAGEMENT_CACHE_TIMEOUT;
@@HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT @@HASHICORP_KEY_MANAGEMENT_CACHE_TIMEOUT
1 1
SET GLOBAL HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT=0, HASHICORP_KEY_MANAGEMENT_CACHE_TIMEOUT=180000;
Warnings:
Warning 1287 '@@hashicorp_key_management_cache_timeout' is deprecated and will be removed in a future release
SELECT
@@HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT,
@@HASHICORP_KEY_MANAGEMENT_CACHE_TIMEOUT;

4
plugin/hashicorp_key_management/mysql-test/vault/r/hashicorp_encode.result
View file

@ -1,12 +1,12 @@
SHOW GLOBAL variables LIKE "hashicorp%";
Variable_name Value
hashicorp_key_management_cache_timeout 86400000
hashicorp_key_management_cache_timeout 9223372036854775807
hashicorp_key_management_cache_version_timeout 60000
hashicorp_key_management_caching_enabled ON
hashicorp_key_management_check_kv_version OFF
hashicorp_key_management_max_retries 3
hashicorp_key_management_timeout 60
hashicorp_key_management_use_cache_on_timeout OFF
hashicorp_key_management_use_cache_on_timeout ON
hashicorp_key_management_vault_ca
hashicorp_key_management_vault_url VAULT_ADDR/v1/mariadbtest/
create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1;

4
plugin/hashicorp_key_management/mysql-test/vault/r/hashicorp_key_rotation_age.result
View file

@ -1,12 +1,12 @@
SHOW GLOBAL variables LIKE "hashicorp%";
Variable_name Value
hashicorp_key_management_cache_timeout 86400000
hashicorp_key_management_cache_timeout 9223372036854775807
hashicorp_key_management_cache_version_timeout 0
hashicorp_key_management_caching_enabled ON
hashicorp_key_management_check_kv_version OFF
hashicorp_key_management_max_retries 3
hashicorp_key_management_timeout 60
hashicorp_key_management_use_cache_on_timeout OFF
hashicorp_key_management_use_cache_on_timeout ON
hashicorp_key_management_vault_ca
hashicorp_key_management_vault_url VAULT_ADDR/v1/mariadbtest/
# Restart the server with encryption