WL#16505 component_keyring_hashicorp

Krzysztof Horszczaruk · Krzysztof Horszczaruk · commit ddbc82b75de0 · 2025-02-27T17:48:53.000+01:00
component_keyring_hashicorp implementation:
  * based on keyring_hashicorp plugin
  * MTR tests for the component created
  * deprecation warning for keyring_hashicorp plugin added
  * V$OPTION support for component_keyring_hashicorp added

Change-Id: I5efe9a4439d98e44641c92626547a62e654c73e1
diff --git a/components/keyrings/common/data/data.cc b/components/keyrings/common/data/data.cc
@@ -60,7 +60,10 @@ Data &Data::operator=(Data &&src) noexcept {
 }
 
 /** Destructor */
-Data::~Data() { valid_ = false; }
+Data::~Data() {
+  data_.replace(0, data_.length(), data_.length(), '*');
+  valid_ = false;
+}
 
 /** Return self */
 Data Data::get_data() const { return *this; }
diff --git a/components/keyrings/common/operations/operations.h b/components/keyrings/common/operations/operations.h
@@ -618,6 +618,14 @@ class Keyring_operations {
     return false;
   }
 
+  /**
+    Clear API to clear entire data cache
+  */
+  void clear() {
+    cache_.clear();
+    valid_ = 0;
+  }
+
   /**
     Generate API
 
diff --git a/packaging/deb-in/CMakeLists.txt b/packaging/deb-in/CMakeLists.txt
@@ -112,6 +112,7 @@ usr/lib/mysql/plugin/authentication_pam.so
 usr/lib/mysql/plugin/authentication_webauthn.so
 usr/lib/mysql/plugin/component_enterprise_encryption.so
 usr/lib/mysql/plugin/component_keyring_encrypted_file.so
+usr/lib/mysql/plugin/component_keyring_hashicorp.so
 usr/lib/mysql/plugin/component_keyring_oci.so
 usr/lib/mysql/plugin/data_masking.so
 usr/lib/mysql/plugin/firewall.so
diff --git a/packaging/deb-in/deb_debug.cmake b/packaging/deb-in/deb_debug.cmake
@@ -226,6 +226,7 @@ usr/lib/mysql/plugin/debug/keyring_hashicorp.so
 usr/lib/mysql/plugin/debug/thread_pool.so
 usr/lib/mysql/plugin/debug/firewall.so
 usr/lib/mysql/plugin/debug/component_keyring_encrypted_file.so
+usr/lib/mysql/plugin/debug/component_keyring_hashicorp.so
 usr/lib/mysql/plugin/debug/component_keyring_oci.so
 usr/lib/mysql/plugin/debug/component_enterprise_encryption.so
 usr/lib/mysql/plugin/debug/component_masking.so
diff --git a/packaging/rpm-docker/mysql.spec.in b/packaging/rpm-docker/mysql.spec.in
@@ -692,6 +692,7 @@ rm -r $(readlink var) var
 %attr(755, root, root) %{_libdir}/mysql/plugin/component_keyring_aws.so
 %endif # add_component_keyring_aws
 %attr(755, root, root) %{_libdir}/mysql/plugin/component_keyring_encrypted_file.so
+%attr(755, root, root) %{_libdir}/mysql/plugin/component_keyring_hashicorp.so
 %attr(755, root, root) %{_libdir}/mysql/plugin/component_keyring_oci.so
 %attr(755, root, root) %{_libdir}/mysql/plugin/component_enterprise_encryption.so
 %attr(755, root, root) %{_libdir}/mysql/plugin/component_masking.so
@@ -725,6 +726,9 @@ rm -r $(readlink var) var
 * Fri Jan 10 2025 Anibal Pinto <anibal.pinto@oracle.com> - 9.3.0-1
 - Added component_group_replication_elect_prefers_most_updated
 
+* Thu Jan 09 2025 Krzysztof Horszczaruk <krzysztof.horszczaruk@oracle.com> - 9.3.0-1
+- Add component_keyring_hashicorp.so component
+
 * Fri Nov 29 2024 Jaideep Karande <jaideep.karande@oracle.com> - 9.2.0-1
 - Added component_group_replication_resource_manager
 
diff --git a/packaging/rpm-oel/mysql.spec.in b/packaging/rpm-oel/mysql.spec.in
@@ -860,6 +860,7 @@ mkdir debug
            -DWITH_AUTHENTICATION_OPENID_CONNECT=0 \
            -DWITH_AUTHENTICATION_LDAP=0 \
            -DWITH_AUTHENTICATION_OCI=0 \
+           -DWITH_COMPONENT_KEYRING_HASHICORP=0 \
            -DWITH_COMPONENT_KEYRING_OCI=0 \
            -DWITH_CURL=0 \
            -DWITH_KEYRING_HASHICORP=0 \
@@ -907,6 +908,7 @@ mkdir release
            -DWITH_AUTHENTICATION_OPENID_CONNECT=0 \
            -DWITH_AUTHENTICATION_LDAP=0 \
            -DWITH_AUTHENTICATION_OCI=0 \
+           -DWITH_COMPONENT_KEYRING_HASHICORP=0 \
            -DWITH_COMPONENT_KEYRING_OCI=0 \
            -DWITH_CURL=0 \
            -DWITH_KEYRING_HASHICORP=0 \
@@ -961,6 +963,7 @@ mkdir release
            -DWITH_AUTHENTICATION_OPENID_CONNECT=0 \
            -DWITH_AUTHENTICATION_LDAP=0 \
            -DWITH_AUTHENTICATION_OCI=0 \
+           -DWITH_COMPONENT_KEYRING_HASHICORP=0 \
            -DWITH_COMPONENT_KEYRING_OCI=0 \
            -DWITH_CURL=0 \
            -DWITH_KEYRING_HASHICORP=0 \
@@ -1292,6 +1295,7 @@ fi
 %attr(755, root, root) %{_libdir}/mysql/plugin/authentication_openid_connect.so
 %attr(755, root, root) %{_libdir}/mysql/plugin/authentication_ldap_sasl.so
 %attr(755, root, root) %{_libdir}/mysql/plugin/authentication_ldap_simple.so
+%attr(755, root, root) %{_libdir}/mysql/plugin/component_keyring_hashicorp.so
 %attr(755, root, root) %{_libdir}/mysql/plugin/component_keyring_oci.so
 %attr(755, root, root) %{_libdir}/mysql/plugin/keyring_hashicorp.so
 %endif # ssl_default
@@ -1390,6 +1394,7 @@ fi
 %attr(755, root, root) %{_libdir}/mysql/plugin/debug/authentication_openid_connect.so
 %attr(755, root, root) %{_libdir}/mysql/plugin/debug/authentication_ldap_sasl.so
 %attr(755, root, root) %{_libdir}/mysql/plugin/debug/authentication_ldap_simple.so
+%attr(755, root, root) %{_libdir}/mysql/plugin/debug/component_keyring_hashicorp.so
 %attr(755, root, root) %{_libdir}/mysql/plugin/debug/component_keyring_oci.so
 %attr(755, root, root) %{_libdir}/mysql/plugin/debug/keyring_hashicorp.so
 %endif # ssl_default
@@ -1987,6 +1992,9 @@ fi
 * Fri Jan 10 2025 Anibal Pinto <anibal.pinto@oracle.com> - 9.3.0-1
 - Added component_group_replication_elect_prefers_most_updated
 
+* Thu Jan 09 2025 Krzysztof Horszczaruk <krzysztof.horszczaruk@oracle.com> - 9.0.3-1
+- Add component_keyring_hashicorp.so component
+
 * Fri Nov 29 2024 Jaideep Karande <jaideep.karande@oracle.com> - 9.2.0-1
 - Added component_group_replication_resource_manager
 
diff --git a/packaging/rpm-sles/mysql.spec.in b/packaging/rpm-sles/mysql.spec.in
@@ -941,6 +941,7 @@ fi
 %attr(755, root, root) %{_libdir}/mysql/plugin/component_keyring_aws.so
 %endif # add_component_keyring_aws
 %attr(755, root, root) %{_libdir}/mysql/plugin/component_keyring_encrypted_file.so
+%attr(755, root, root) %{_libdir}/mysql/plugin/component_keyring_hashicorp.so
 %attr(755, root, root) %{_libdir}/mysql/plugin/component_keyring_oci.so
 %attr(755, root, root) %{_libdir}/mysql/plugin/telemetry_client.so
 %attr(755, root, root) %{_libdir}/mysql/plugin/data_masking.so
@@ -1034,6 +1035,7 @@ fi
 %attr(755, root, root) %{_libdir}/mysql/plugin/debug/component_keyring_aws.so
 %endif # add_component_keyring_aws
 %attr(755, root, root) %{_libdir}/mysql/plugin/debug/component_keyring_encrypted_file.so
+%attr(755, root, root) %{_libdir}/mysql/plugin/debug/component_keyring_hashicorp.so
 %attr(755, root, root) %{_libdir}/mysql/plugin/debug/component_keyring_oci.so
 %attr(755, root, root) %{_libdir}/mysql/plugin/debug/component_enterprise_encryption.so
 %attr(755, root, root) %{_libdir}/mysql/plugin/debug/component_masking.so
diff --git a/share/messages_to_error_log.txt b/share/messages_to_error_log.txt
@@ -13044,6 +13044,18 @@ ER_GRP_PRIMARY_ELECTION_METHOD_MEMBER_WEIGHT
 ER_GRP_PRIMARY_ELECTION_FATAL_PROCESS
   eng "Fatal error during the primary election process of Group Replication. The server will leave the group."
 
+ER_KEYRING_COMPONENT_KEYRING_HASHICORP_DATA_EXTRACT_FAILED
+   eng "Hashicorp Vault DATA extract failed."
+
+ER_KEYRING_COMPONENT_KEYRING_HASHICORP_KEY_MALFORMED
+   eng "Hashicorp Vault KEY malformed."
+
+ER_KEYRING_COMPONENT_KEYRING_HASHICORP_AUTH_FAIL
+   eng "Hashicorp Vault server authentication failed."
+
+ER_KEYRING_COMPONENT_KEYRING_HASHICORP_CURL_SETOPT_FAILED
+   eng "Hashicorp Vault server curl_easy_setopt failed."
+
 ################################################################################
 # Error numbers 50000 to 51999 are reserved. Please do not use them for
 # other error messages.
