diff options
author | Julius Goryavsky <julius.goryavsky@mariadb.com> | 2022-04-28 14:56:41 +0200 |
---|---|---|
committer | Julius Goryavsky <julius.goryavsky@mariadb.com> | 2022-05-09 07:55:41 +0200 |
commit | 0902cfaec8cf15c042b1c2159db8ffc97e9bce95 (patch) | |
tree | 38f0b28090d0c5d7facec41cf0b396723ef47b4f | |
parent | 3d1f765066b561f9552b55ed9ba41b66815786f7 (diff) | |
download | mariadb-git-0902cfaec8cf15c042b1c2159db8ffc97e9bce95.tar.gz |
MDEV-28330: Hashicorp: Key caching doesn't appear to be working
Added test files for mtr that test failed configuration with
--loose-hashicorp-key-management-cache-version-timeout=180000
correctly set.
3 files changed, 46 insertions, 0 deletions
diff --git a/plugin/hashicorp_key_management/mysql-test/vault/r/hashicorp_cache_after_recreate.result b/plugin/hashicorp_key_management/mysql-test/vault/r/hashicorp_cache_after_recreate.result new file mode 100644 index 00000000000..a48c7873a09 --- /dev/null +++ b/plugin/hashicorp_key_management/mysql-test/vault/r/hashicorp_cache_after_recreate.result @@ -0,0 +1,9 @@ +# restart: with restart_parameters +CREATE TABLE t1 (a VARCHAR(8)) ENGINE=InnoDB ENCRYPTED=YES ENCRYPTION_KEY_ID=4; +INSERT INTO t1 VALUES ('foo'),('bar'); +select @@hashicorp_key_management_caching_enabled, @@hashicorp_key_management_cache_timeout; +@@hashicorp_key_management_caching_enabled @@hashicorp_key_management_cache_timeout +1 180000 +CREATE TABLE t2 (a VARCHAR(8)) ENGINE=InnoDB ENCRYPTED=YES ENCRYPTION_KEY_ID=4; +DROP TABLE IF EXISTS t1, t2; +# restart diff --git a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_cache_after_recreate.opt b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_cache_after_recreate.opt new file mode 100644 index 00000000000..0a4ff1d5986 --- /dev/null +++ b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_cache_after_recreate.opt @@ -0,0 +1,2 @@ +--loose-hashicorp-key-management-cache-timeout=180000 +--loose-hashicorp-key-management-cache-version-timeout=180000 diff --git a/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_cache_after_recreate.test b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_cache_after_recreate.test new file mode 100644 index 00000000000..9dee7376497 --- /dev/null +++ b/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_cache_after_recreate.test @@ -0,0 +1,35 @@ +# MDEV-28330: Key caching doesn't appear to be working + +# The test presumes that the local vault is running at $VAULT_ADDR, +# and the token is configured in $VAULT_TOKEN. + +--source include/have_innodb.inc +--source hashicorp_plugin.inc + +--exec vault secrets disable bug > /dev/null +--exec vault secrets enable -path /bug -version=2 kv > /dev/null +--exec vault kv put /bug/1 data=01234567890123456789012345678901 > /dev/null +--exec vault kv put /bug/4 data=01234567890123456789012345678904 > /dev/null + +--let $restart_parameters=--plugin-load-add=hashicorp_key_management --hashicorp-key-management-vault-url="$VAULT_ADDR/v1/bug/" --hashicorp-key-management-token="$VAULT_TOKEN" +--let $restart_noprint=1 +--source include/restart_mysqld.inc + +CREATE TABLE t1 (a VARCHAR(8)) ENGINE=InnoDB ENCRYPTED=YES ENCRYPTION_KEY_ID=4; +INSERT INTO t1 VALUES ('foo'),('bar'); + +select @@hashicorp_key_management_caching_enabled, @@hashicorp_key_management_cache_timeout; + +--exec vault secrets disable bug > /dev/null +--exec vault secrets enable -path /bug -version=2 kv > /dev/null +--exec vault kv put /bug/1 data=01234567890123456789012345678901 > /dev/null + +CREATE TABLE t2 (a VARCHAR(8)) ENGINE=InnoDB ENCRYPTED=YES ENCRYPTION_KEY_ID=4; + +# Cleanup +DROP TABLE IF EXISTS t1, t2; + +--let $restart_parameters= +--source include/restart_mysqld.inc + +--exec vault secrets disable bug > /dev/null |