authorJulius Goryavsky <julius.goryavsky@mariadb.com>2022-03-10 09:58:26 +0100
committerJulius Goryavsky <julius.goryavsky@mariadb.com>2022-03-15 13:20:00 +0100
commit5602f73e5265cb6f6470f79084a676d650027e33 (patch)
tree23ff00cc4afda4c7e318ab8ce6210ccac2405710
parent867657f474dc9f53e38f434b7e836d9f3994d7da (diff)
MENT-1437: Failure in hashicorp_key_rotation_age testbb-10.9-MDEV-19281
Fixed a failure in the hashicorp key_rotation_age test - the test is now more robust and works with the latest changes in InnoDB. Also improved error handling during plugin initialization (memory is deallocated in the case of failure).
-rw-r--r--plugin/hashicorp_key_management/hashicorp_key_management.cnf2
-rw-r--r--plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc36
-rw-r--r--plugin/hashicorp_key_management/mysql-test/vault/r/hashicorp_key_rotation_age.result64
-rw-r--r--plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_key_rotation_age.test30
4 files changed, 68 insertions, 64 deletions
diff --git a/plugin/hashicorp_key_management/hashicorp_key_management.cnf b/plugin/hashicorp_key_management/hashicorp_key_management.cnf
index 1f428917d2c..9a55e77b951 100644
--- a/plugin/hashicorp_key_management/hashicorp_key_management.cnf
+++ b/plugin/hashicorp_key_management/hashicorp_key_management.cnf
@@ -1,4 +1,4 @@
-# Copyright (C) 2019-2021 MariaDB Corporation
+# Copyright (C) 2019-2022 MariaDB Corporation
#
# This is a default configuration for the Hashicorp Vault plugin.
# You can read more about the parameters of this plugin in the
diff --git a/plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc b/plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc
index 549dce68b3c..f07a1048f7e 100644
--- a/plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc
+++ b/plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc
@@ -1,4 +1,4 @@
-/* Copyright (C) 2019-2021 MariaDB Corporation
+/* Copyright (C) 2019-2022 MariaDB Corporation
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -114,7 +114,8 @@ static void cache_add (const KEY_INFO& info, bool update_version)
"cache_add: key_id = %u, key_version = %u, "
"timestamp = %u, update_version = %u, new version = %u",
ME_ERROR_LOG_ONLY | ME_NOTE, key_id, key_version,
- timestamp, (int) update_version, ver_info.key_version);
+ ver_info.timestamp, (int) update_version,
+ ver_info.key_version);
#endif
mtx.unlock();
}
@@ -918,7 +919,6 @@ static int hashicorp_key_management_plugin_init(void *p)
const static size_t x_vault_token_len = strlen(x_vault_token);
char *token_env= getenv("VAULT_TOKEN");
size_t token_len = strlen(token);
- local_token = NULL;
if (token_len == 0)
{
if (token_env)
@@ -989,16 +989,9 @@ static int hashicorp_key_management_plugin_init(void *p)
{
my_printf_error(ER_UNKNOWN_ERROR, PLUGIN_ERROR_HEADER
"Memory allocation error", 0);
- return 1;
+ goto Failure2;
}
snprintf(token_header, buf_len, "%s%s", x_vault_token, token);
- curl_global_init(CURL_GLOBAL_ALL);
- list = curl_slist_append(list, token_header);
- if (list == NULL)
- {
- my_printf_error(ER_UNKNOWN_ERROR, PLUGIN_ERROR_HEADER
- "curl: unable to construct slist", 0);
- }
vault_url_len = strlen(vault_url);
/*
Checking the maximum allowable length to protect
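Review bot: The new `goto Failure2` on the allocation-failure path jumps forward into the body of the vault-URL length check further down, where the `Failure:` and `Failure2:` labels are defined in the next hunk. Cleanup labels placed inside an unrelated error branch are fragile: a reader of that branch does not expect other paths to land there, and in C++ a local with an initializer that ends up between the jump and the label can stop the file compiling. Consider moving both labels to the end of hashicorp_key_management_plugin_init, after `return 0;`, and letting the URL-length branch use `goto Failure;` like the other paths. The function starts and ends outside this hunk.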
@@ -1009,6 +1002,15 @@ static int hashicorp_key_management_plugin_init(void *p)
my_printf_error(ER_UNKNOWN_ERROR, PLUGIN_ERROR_HEADER
"Maximum allowed vault URL length exceeded",
0);
+Failure:
+ free(token_header);
+ token_header = NULL;
+Failure2:
+ if (local_token)
+ {
+ free(local_token);
+ local_token = NULL;
+ }
return 1;
}
if (vault_url_len && vault_url[vault_url_len - 1] == '/')
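Review bot: `free(token_header)` at the `Failure:` label releases the buffer that `snprintf` filled from `x_vault_token` and `token`, so the Vault token stays readable in freed heap memory. Wipe it first with a call the compiler cannot elide, for example `explicit_bzero(token_header, buf_len);` where the platform provides it. The same applies to `local_token` if it holds a copy of the token, which is not visible in this hunk. Separately, `Failure2:` relies on `local_token` being NULL whenever this function has not allocated it, while the commit drops the `local_token = NULL;` reset at the top of the function. It is worth confirming that its definition and the deinit path leave it NULL, otherwise a repeated init could free it twice.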
@@ -1024,12 +1026,22 @@ static int hashicorp_key_management_plugin_init(void *p)
{
my_printf_error(ER_UNKNOWN_ERROR, PLUGIN_ERROR_HEADER
"Memory allocation error", 0);
- return 1;
+ goto Failure;
}
memcpy(vault_url_data, vault_url, vault_url_len);
memcpy(vault_url_data + vault_url_len, "/data/", 7);
cache_max_time = ms_to_ticks(cache_timeout);
cache_max_ver_time = ms_to_ticks(cache_version_timeout);
+ /* Initialize curl: */
+ curl_global_init(CURL_GLOBAL_ALL);
+ list = curl_slist_append(list, token_header);
+ if (list == NULL)
+ {
+ my_printf_error(ER_UNKNOWN_ERROR, PLUGIN_ERROR_HEADER
+ "curl: unable to construct slist", 0);
+ curl_global_cleanup();
+ goto Failure;
+ }
return 0;
}
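Review bot: The return value of `curl_global_init(CURL_GLOBAL_ALL)` is ignored, so a failed libcurl initialization still proceeds to `curl_slist_append` and can end in `return 0;`. Check it, for example `if (curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) goto Failure;`, with an error message like the other branches. The new slist failure path also jumps to `Failure`, which frees `token_header` and `local_token` but not `vault_url_data`. That buffer appears to be allocated just above (the allocation is outside the visible lines), so it should be freed and reset on that path too. The function begins outside this hunk.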
diff --git a/plugin/hashicorp_key_management/mysql-test/vault/r/hashicorp_key_rotation_age.result b/plugin/hashicorp_key_management/mysql-test/vault/r/hashicorp_key_rotation_age.result
index 0deafd459e3..3576712070e 100644
--- a/plugin/hashicorp_key_management/mysql-test/vault/r/hashicorp_key_rotation_age.result
+++ b/plugin/hashicorp_key_management/mysql-test/vault/r/hashicorp_key_rotation_age.result
@@ -22,14 +22,10 @@ INSERT INTO t33 VALUES (12345, '1234567890');
# Restart the server with encryption and rotate key age
# restart: with restart_parameters
# Wait until encryption threads have encrypted all tablespaces
-SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE "test/%";
NAME
-SELECT NAME, MIN_KEY_VERSION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
-NAME MIN_KEY_VERSION
-innodb_system 1
-mysql/innodb_table_stats 1
-mysql/innodb_index_stats 1
-mysql/transaction_registry 1
+SELECT NAME, CURRENT_KEY_VERSION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE "test/%";
+NAME CURRENT_KEY_VERSION
test/t1 1
test/t2 1
test/t3 1
@@ -43,35 +39,27 @@ ERROR HY000: Table storage engine 'InnoDB' does not support the create option 'E
alter table t33 encryption_key_id=222;
ERROR HY000: Table storage engine 'InnoDB' does not support the create option 'ENCRYPTION_KEY_ID'
# Wait until encryption threads have encrypted all tablespaces
-SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE "test/%";
NAME
test/t4
-SELECT NAME, MIN_KEY_VERSION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
-NAME MIN_KEY_VERSION
-innodb_system 1
-mysql/innodb_table_stats 1
-mysql/innodb_index_stats 1
-mysql/transaction_registry 1
-test/t1 1
-test/t2 1
-test/t3 1
+SELECT NAME, CURRENT_KEY_VERSION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE "test/%";
+NAME CURRENT_KEY_VERSION
+test/t1 2
+test/t2 2
+test/t3 2
test/t33 1
# Disable encryption when innodb_encryption_rotate_key_age is 0
set global innodb_encrypt_tables = OFF;
# Wait until encryption threads to decrypt all encrypted tablespaces
-SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE "test/%";
NAME
-innodb_system
-mysql/innodb_table_stats
-mysql/innodb_index_stats
-mysql/transaction_registry
test/t1
test/t2
test/t4
# Display only encrypted create tables (t3)
-SELECT NAME, MIN_KEY_VERSION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
-NAME MIN_KEY_VERSION
-test/t3 1
+SELECT NAME, CURRENT_KEY_VERSION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE "test/%";
+NAME CURRENT_KEY_VERSION
+test/t3 2
test/t33 1
alter table t33 encryption_key_id=333;
ERROR HY000: Table storage engine 'InnoDB' does not support the create option 'ENCRYPTION_KEY_ID'
@@ -81,33 +69,27 @@ ERROR HY000: Table storage engine 'InnoDB' does not support the create option 'E
# Enable encryption when innodb_encryption_rotate_key_age is 0
set global innodb_encrypt_tables = ON;
# Wait until encryption threads to encrypt all unencrypted tablespaces
-SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE "test/%";
NAME
test/t4
# Display only unencrypted create tables (t4)
-SELECT NAME, MIN_KEY_VERSION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
-NAME MIN_KEY_VERSION
-innodb_system 3
-mysql/innodb_table_stats 3
-mysql/innodb_index_stats 3
-mysql/transaction_registry 3
+SELECT NAME, CURRENT_KEY_VERSION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE "test/%";
+NAME CURRENT_KEY_VERSION
test/t1 3
test/t2 3
-test/t3 1
+test/t3 3
test/t33 1
# restart: with restart_parameters
-SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
+alter table t33 encryption_key_id=555;
+ERROR HY000: Table storage engine 'InnoDB' does not support the create option 'ENCRYPTION_KEY_ID'
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE "test/%";
NAME
test/t4
-SELECT NAME, MIN_KEY_VERSION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
-NAME MIN_KEY_VERSION
-innodb_system 3
-mysql/innodb_table_stats 3
-mysql/innodb_index_stats 3
-mysql/transaction_registry 3
+SELECT NAME, CURRENT_KEY_VERSION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE "test/%";
+NAME CURRENT_KEY_VERSION
test/t1 3
test/t2 3
-test/t3 1
+test/t3 3
test/t33 1
DROP TABLE t4, t3, t2, t1;
DROP TABLE t33;
diff --git a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_key_rotation_age.test b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_key_rotation_age.test
index 6126ec24fae..ce99406ab06 100644
--- a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_key_rotation_age.test
+++ b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_key_rotation_age.test
@@ -38,8 +38,9 @@ let $restart_parameters=$default_parameters --innodb_encryption_threads=5 --inno
--let $wait_condition=SELECT COUNT(*) >= $tables_count FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
--source include/wait_condition.inc
-SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
-SELECT NAME, MIN_KEY_VERSION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE "test/%";
+--sorted_result
+SELECT NAME, CURRENT_KEY_VERSION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE "test/%";
--echo # Restart the server with innodb_encryption_rotate_key_age= 0
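Review bot: The `$wait_condition` above the changed queries still counts rows for every tablespace, while the result queries are now limited to `NAME LIKE "test/%"`. If `$tables_count` is meant to be the number of test tables (its definition is outside this hunk), system tablespaces can satisfy the threshold before all `test/` tables have been processed, which would leave the test timing-dependent. Adding the same `AND NAME LIKE "test/%"` filter to the wait condition would keep the wait and the assertions aligned. The same pattern repeats in the later hunks of this file.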
@@ -67,8 +68,9 @@ alter table t33 encryption_key_id=222;
--let $wait_condition=SELECT COUNT(*) >= $tables_count FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
--source include/wait_condition.inc
-SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
-SELECT NAME, MIN_KEY_VERSION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE "test/%";
+--sorted_result
+SELECT NAME, CURRENT_KEY_VERSION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE "test/%";
--echo # Disable encryption when innodb_encryption_rotate_key_age is 0
set global innodb_encrypt_tables = OFF;
@@ -80,9 +82,11 @@ set global innodb_encrypt_tables = OFF;
--let $wait_condition=SELECT COUNT(*) >= $tables_count FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND ROTATING_OR_FLUSHING = 0;
--source include/wait_condition.inc
-SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
+--sorted_result
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE "test/%";
--echo # Display only encrypted create tables (t3)
-SELECT NAME, MIN_KEY_VERSION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
+--sorted_result
+SELECT NAME, CURRENT_KEY_VERSION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE "test/%";
# artificial error useful for debugging a plugin
--error ER_ILLEGAL_HA_CREATE_OPTION
@@ -106,15 +110,21 @@ set global innodb_encrypt_tables = ON;
--let $wait_condition=SELECT COUNT(*) >= $tables_count FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
--source include/wait_condition.inc
-SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE "test/%";
--echo # Display only unencrypted create tables (t4)
-SELECT NAME, MIN_KEY_VERSION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
+--sorted_result
+SELECT NAME, CURRENT_KEY_VERSION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE "test/%";
--let $restart_parameters=$default_parameters
--source include/restart_mysqld.inc
-SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
-SELECT NAME, MIN_KEY_VERSION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
+# artificial error useful for debugging a plugin
+--error ER_ILLEGAL_HA_CREATE_OPTION
+alter table t33 encryption_key_id=555;
+
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE "test/%";
+--sorted_result
+SELECT NAME, CURRENT_KEY_VERSION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE "test/%";
DROP TABLE t4, t3, t2, t1;
DROP TABLE t33;