MDEV-10847 Bring AWS KMS encryption plugin up-to-date with released SDK

- Library path's are different now - New dependency on Linux libuuid - Add calls for SDK Initialization/shutdown - Also add request_timeout parameter, default SDK HTTPs timeout appears to be too short in my tests
author: Vladislav Vaintroub <wlad@mariadb.com> 2016-09-27 11:18:24 +0000
committer: Vladislav Vaintroub <wlad@mariadb.com> 2016-09-27 11:18:24 +0000
commit: 3f5aedccca25da72e21d7859b55edeb172d45ce0 (patch)
tree: 59e5b21221ffdf3f2feed2750404cb0f2ab8a660
parent: f1aefd9d758a3d464d77ede64f960ff33326eb72 (diff)
download: mariadb-git-3f5aedccca25da72e21d7859b55edeb172d45ce0.tar.gz
2 files changed, 57 insertions, 34 deletions
diff --git a/plugin/aws_key_management/CMakeLists.txt b/plugin/aws_key_management/CMakeLists.txt
index 97bcfbb04db..83285ee6cc9 100644
--- a/plugin/aws_key_management/CMakeLists.txt
+++ b/plugin/aws_key_management/CMakeLists.txt
@@ -3,7 +3,7 @@
 # are
  
 # - OS : Windows,Linux or OSX
-# - C++11 compiler : VS2013+, gcc 4.7+, clang 3.3+
+# - C++11 compiler : VS2013+, gcc 4.8+, clang 3.3+
 # - libcurl development package needs to be present on Unixes
 #
 # If we build SDK outselves, we'll need require GIT to be present on the build machine
@@ -13,7 +13,10 @@
 # or if plugin is explicitely requested to build. Then bail out.
 MACRO(SKIP_AWS_PLUGIN msg)
   IF(VERBOSE OR "${PLUGIN_AWS_KEY_MANAGEMENT}" MATCHES "^(STATIC|DYNAMIC)$")
-    MESSAGE(STATUS "Skip aws_key_management - ${msg}")
+    MESSAGE(STATUS "Can't build aws_key_management - ${msg}")
+  ENDIF()
+  IF(TARGET aws_key_management)
+    MESSAGE(FATAL_ERROR "Error configuring aws_key_management - aborting")
   ENDIF()
   RETURN()
 ENDMACRO()
@@ -27,7 +30,7 @@ ENDIF()
 
 # This plugin needs recent C++ compilers (AWS C++ SDK header files are using C++11 features)
 SET(CXX11_FLAGS)
-SET(OLD_COMPILER_MSG "AWS SDK requires c++11 -capable compiler (minimal supported versions are g++ 4.7, clang 3.3, VS2103)")
+SET(OLD_COMPILER_MSG "AWS SDK requires c++11 -capable compiler (minimal supported versions are g++ 4.8, clang 3.3, VS2103)")
 
 IF(CMAKE_CXX_COMPILER_ID MATCHES "GNU")
   EXECUTE_PROCESS(COMMAND ${CMAKE_CXX_COMPILER} -dumpversion OUTPUT_VARIABLE GCC_VERSION)
@@ -54,26 +57,6 @@ IF (NOT(WIN32 OR APPLE  OR (CMAKE_SYSTEM_NAME MATCHES "Linux")))
 ENDIF()
 
 
-# Figure out where AWS installs SDK libraries 
-# The below is defined in AWS SDK's CMakeLists.txt 
-# (and their handling is weird, every OS has special install directory)
-IF(WIN32)
-  SET(SDK_INSTALL_BINARY_PREFIX "windows")
-ELSEIF(APPLE)
-  SET(SDK_INSTALL_BINARY_PREFIX "mac")
-ELSEIF(UNIX)
-  SET(SDK_INSTALL_BINARY_PREFIX "linux")
-ENDIF()
-IF(NOT APPLE)
- IF(CMAKE_SIZEOF_VOID_P EQUAL 8)
-   SET(SDK_INSTALL_BINARY_PREFIX "${SDK_INSTALL_BINARY_PREFIX}/intel64")
-  ELSE()
-   SET(SDK_INSTALL_BINARY_PREFIX "${SDK_INSTALL_BINARY_PREFIX}/ia32")
-  ENDIF()
-ENDIF()
-IF(CMAKE_CONFIGURATION_TYPES)
-  SET(SDK_INSTALL_BINARY_PREFIX "${SDK_INSTALL_BINARY_PREFIX}/${CMAKE_CFG_INTDIR}")
-ENDIF()
 
 FIND_LIBRARY(AWS_CPP_SDK_CORE NAMES aws-cpp-sdk-core PATH_SUFFIXES  "${SDK_INSTALL_BINARY_PREFIX}")
 FIND_LIBRARY(AWS_CPP_SDK_KMS NAMES aws-cpp-sdk-core PATH_SUFFIXES  "${SDK_INSTALL_BINARY_PREFIX}")
@@ -99,26 +82,35 @@ ELSE()
       SKIP_AWS_PLUGIN("AWS C++ SDK requires libcurl development package")
     ENDIF()
     SET(PIC_FLAG -fPIC)
+    FIND_PATH(UUID_INCLUDE_DIR uuid/uuid.h)
+    IF(NOT UUID_INCLUDE_DIR)
+      SKIP_AWS_PLUGIN("AWS C++ SDK requires uuid development package")
+    ENDIF()
+    IF(NOT APPLE)
+      FIND_LIBRARY(UUID_LIBRARIES uuid)
+      IF(NOT UUID_LIBRARIES)
+        SKIP_AWS_PLUGIN("AWS C++ SDK requires uuid development package")
+      ENDIF()
+    ENDIF()
   ENDIF()
   IF(MSVC)
-    SET(EXTRA_SDK_CMAKE_FLAGS -DCMAKE_CXX_FLAGS_DEBUGOPT="" -DCMAKE_EXE_LINKER_FLAGS_DEBUGOPT="" -DCMAKE_CXX_FLAGS=/wd4592)
+    SET(EXTRA_SDK_CMAKE_FLAGS -DCMAKE_CXX_FLAGS_DEBUGOPT="" -DCMAKE_EXE_LINKER_FLAGS_DEBUGOPT="" "-DCMAKE_CXX_FLAGS=/wd4530 /WX-")
   ENDIF()
   IF(CMAKE_CXX_COMPILER)
    SET(EXTRA_SDK_CMAKE_FLAGS ${EXTRA_SDK_CMAKE_FLAGS} -DCMAKE_CXX_COMPILER=${CMAKE_CXX_COMPILER})
   ENDIF()
 
-  # Relax AWS C++ SDK unreasonably high requirements for CMake version. Use replace utility (from MariaDB build)
-  # to patch their CMakeLists.txt
   SET(AWS_SDK_PATCH_COMMAND )
   ExternalProject_Add(
     aws_sdk_cpp
     GIT_REPOSITORY "https://github.com/awslabs/aws-sdk-cpp.git"
-    GIT_TAG "0.9.6" # single tag
+    GIT_TAG "1.0.8"
     UPDATE_COMMAND ""
-    PATCH_COMMAND replace 3.1.2 2.8 -- ${CMAKE_BINARY_DIR}/aws-sdk-cpp/CMakeLists.txt
     SOURCE_DIR "${CMAKE_BINARY_DIR}/aws-sdk-cpp"
     CMAKE_ARGS 
-    -DBUILD_ONLY=aws-cpp-sdk-kms -DSTATIC_LINKING=1 
+    -DBUILD_ONLY=kms
+    -DBUILD_SHARED_LIBS=OFF
+    -DFORCE_SHARED_CRT=OFF
     "-DCMAKE_CXX_FLAGS_DEBUG=${CMAKE_CXX_FLAGS_DEBUG} ${PIC_FLAG}"
     "-DCMAKE_CXX_FLAGS_RELWITHDEBINFO=${CMAKE_CXX_FLAGS_RELWITHDEBINFO} ${PIC_FLAG}"
     "-DCMAKE_CXX_FLAGS_RELEASE=${CMAKE_CXX_FLAGS_RELEASE} ${PIC_FLAG}"
@@ -127,18 +119,18 @@ ELSE()
     -DCMAKE_INSTALL_PREFIX=${CMAKE_BINARY_DIR}/aws_sdk_cpp
     TEST_COMMAND ""
   )
-
+  SET_TARGET_PROPERTIES(aws_sdk_cpp PROPERTIES EXCLUDE_FROM_ALL TRUE)
   # We do not need to build the whole SDK , just 2 of its libs
   set(AWS_SDK_LIBS aws-cpp-sdk-core aws-cpp-sdk-kms)
   FOREACH(lib ${AWS_SDK_LIBS})
     ADD_LIBRARY(${lib} STATIC IMPORTED GLOBAL)
     ADD_DEPENDENCIES(${lib} aws_sdk_cpp)
-    SET(loc "${CMAKE_BINARY_DIR}/aws_sdk_cpp/lib/${SDK_INSTALL_BINARY_PREFIX}/${CMAKE_STATIC_LIBRARY_PREFIX}${lib}${CMAKE_STATIC_LIBRARY_SUFFIX}")
+    SET(loc "${CMAKE_BINARY_DIR}/aws_sdk_cpp/lib/${CMAKE_STATIC_LIBRARY_PREFIX}${lib}${CMAKE_STATIC_LIBRARY_SUFFIX}")
     SET_TARGET_PROPERTIES(${lib} PROPERTIES IMPORTED_LOCATION ${loc})
     IF(WIN32)
       SET_TARGET_PROPERTIES(${lib} PROPERTIES IMPORTED_LINK_INTERFACE_LIBRARIES "bcrypt;winhttp;wininet;userenv")
     ELSE()
-      SET_TARGET_PROPERTIES(${lib} PROPERTIES IMPORTED_LINK_INTERFACE_LIBRARIES "${SSL_LIBRARIES};${CURL_LIBRARIES}")
+      SET_TARGET_PROPERTIES(${lib} PROPERTIES IMPORTED_LINK_INTERFACE_LIBRARIES "${SSL_LIBRARIES};${CURL_LIBRARIES};${UUID_LIBRARIES}")
     ENDIF()  
   ENDFOREACH()
 
@@ -150,5 +142,6 @@ ELSE()
   INCLUDE_DIRECTORIES(${CMAKE_BINARY_DIR}/aws_sdk_cpp/include)
 ENDIF()
 
+ADD_DEFINITIONS(${SSL_DEFINES}) # Need to know whether openssl should be initialized
 SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}  ${CXX11_FLAGS}")
 TARGET_LINK_LIBRARIES(aws_key_management ${AWS_SDK_LIBS})
diff --git a/plugin/aws_key_management/aws_key_management_plugin.cc b/plugin/aws_key_management/aws_key_management_plugin.cc
index f4d3c7a52bc..20a795eb437 100644
--- a/plugin/aws_key_management/aws_key_management_plugin.cc
+++ b/plugin/aws_key_management/aws_key_management_plugin.cc
@@ -34,6 +34,7 @@
 #include <sstream>
 #include <fstream>
 
+#include <aws/core/Aws.h>
 #include <aws/core/client/AWSError.h>
 #include <aws/core/utils/logging/AWSLogging.h>
 #include <aws/core/utils/logging/ConsoleLogSystem.h>
@@ -79,6 +80,7 @@ static char* master_key_id;
 static unsigned long key_spec;
 static unsigned long log_level;
 static int rotate_key;
+static int request_timeout;
 
 /* AWS functionality*/
 static int aws_decrypt_key(const char *path, KEY_INFO *info);
@@ -138,6 +140,7 @@ protected:
   }
 };
 
+Aws::SDKOptions sdkOptions;
 
 /* 
   Plugin initialization.
@@ -148,13 +151,30 @@ protected:
 static int plugin_init(void *p)
 {
   DBUG_ENTER("plugin_init");
-  client = new KMSClient();
+
+#ifdef HAVE_YASSL
+  sdkOptions.cryptoOptions.initAndCleanupOpenSSL = true;
+#else
+  /* Server initialized OpenSSL already, thus AWS must skip it */
+  sdkOptions.cryptoOptions.initAndCleanupOpenSSL = false;
+#endif
+
+  Aws::InitAPI(sdkOptions);
+  InitializeAWSLogging(Aws::MakeShared<MySQLLogSystem>("aws_key_management_plugin", (Aws::Utils::Logging::LogLevel) log_level));
+
+  Aws::Client::ClientConfiguration clientConfiguration;
+  if (request_timeout)
+  {
+     clientConfiguration.requestTimeoutMs= request_timeout;
+     clientConfiguration.connectTimeoutMs= request_timeout;
+  }
+  client = new KMSClient(clientConfiguration);
   if (!client)
   {
     sql_print_error("Can not initialize KMS client");
     DBUG_RETURN(-1);
   }
-  InitializeAWSLogging(Aws::MakeShared<MySQLLogSystem>("aws_key_management_plugin", (Aws::Utils::Logging::LogLevel) log_level));
+  
 #ifdef HAVE_PSI_INTERFACE
   mysql_mutex_register("aws_key_management", &mtx_info, 1);
 #endif
@@ -189,6 +209,8 @@ static int plugin_deinit(void *p)
   mysql_mutex_destroy(&mtx);
   delete client;
   ShutdownAWSLogging();
+
+  Aws::ShutdownAPI(sdkOptions);
   DBUG_RETURN(0);
 }
 
@@ -557,11 +579,19 @@ static MYSQL_SYSVAR_INT(rotate_key, rotate_key,
   "Set this variable to key id to perform rotation of the key. Specify -1 to rotate all keys",
   NULL, update_rotate, 0, -1, INT_MAX, 1);
 
+
+static MYSQL_SYSVAR_INT(request_timeout, request_timeout,
+  PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_READONLY,
+  "Timeout in milliseconds for create HTTPS connection or execute AWS request. Specify 0 to use SDK default.",
+  NULL, NULL, 0, 0, INT_MAX, 1);
+
+
 static struct st_mysql_sys_var* settings[]= {
   MYSQL_SYSVAR(master_key_id),
   MYSQL_SYSVAR(key_spec),
   MYSQL_SYSVAR(rotate_key),
   MYSQL_SYSVAR(log_level),
+  MYSQL_SYSVAR(request_timeout),
   NULL
 };
author	Vladislav Vaintroub <wlad@mariadb.com>	2016-09-27 11:18:24 +0000
committer	Vladislav Vaintroub <wlad@mariadb.com>	2016-09-27 11:18:24 +0000
commit	3f5aedccca25da72e21d7859b55edeb172d45ce0 (patch)
tree	59e5b21221ffdf3f2feed2750404cb0f2ab8a660
parent	f1aefd9d758a3d464d77ede64f960ff33326eb72 (diff)
download	mariadb-git-3f5aedccca25da72e21d7859b55edeb172d45ce0.tar.gz